RUSTSEC-2024-0320: yaml-rust is unmaintained.

epi-project / brane

Programmable Orchestration of Applications and Networking

Apache License 2.0

9 stars 7 forks source link

Closed github-actions[bot] closed 6 days ago

github-actions[bot] commented 3 months ago

yaml-rust is unmaintained.

Details
Status	unmaintained
Package	`yaml-rust`
Version	`0.4.5`
URL	https://github.com/rustsec/advisory-db/issues/1921
Date	2024-03-20

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years without any response.

Consider switching to the actively maintained yaml-rust2 fork of the original project:

See advisory page for additional details.

Lut99 commented 2 weeks ago

Ah, this problem. serde-yaml, which is how we depend on yaml-rust, is actually deprecated too. Has no replacement AFAIK.

Lut99 commented 2 weeks ago

Apparently there is a replacement for serde_yaml: serde_yml. Will do this soon.

Lut99 commented 6 days ago

willfix after all! Thanks, @DanielVoogsgerd!