Open yanliu18 opened 2 years ago
Description: While performing package dependency linting using the cargo-audit tool, the following attached advisory is reported.
Steps to reproduce:
cargo audit
cargo.lock
cargo audit --json
The serde_cbor crate is unmaintained. The author has archived the github repository. Alternatives proposed by the author: ciborium minicbor
"warnings": {
  "unmaintained": [
    {
      "kind": "unmaintained",
      "package": {
        "name": "serde_cbor",
        "version": "0.11.2",
        "source": "registry+https://github.com/rust-lang/crates.io-index",
        "checksum": "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5",
        "dependencies": [
          {
            "name": "half",
            "version": "1.8.2",
            "source": "registry+https://github.com/rust-lang/crates.io-index"
          },
          {
            "name": "serde",
            "version": "1.0.139",
            "source": "registry+https://github.com/rust-lang/crates.io-index"
          }
        ],
        "replace": null
      },
      "advisory": {
        "id": "RUSTSEC-2021-0127",
        "package": "serde_cbor",
        "title": "serde_cbor is unmaintained",
        "description": "The `serde_cbor` crate is unmaintained. The author has archived the github repository.\n\nAlternatives proposed by the author:\n\n * [`ciborium`](https://crates.io/crates/ciborium)\n * [`minicbor`](https://crates.io/crates/minicbor)",
        "date": "2021-08-15",
        "aliases": [],
        "related": [],
        "collection": "crates",
        "categories": [],
        "keywords": [],
        "cvss": null,
        "informational": "unmaintained",
        "references": [],
        "source": null,
        "url": "https://github.com/pyfisch/cbor",
        "withdrawn": null
      },
      "versions": {
        "patched": [],
        "unaffected": []
      }
    }
  ]
}
Note: It is used only by a dev dependency (by the criterion crate) for testing.
I will look into it though to see what can be done.
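An added example, not part of the original thread or of cargo-audit itself: one way a CI job could triage `cargo audit --json` output like the report above, separating blocking vulnerabilities from informational warnings such as RUSTSEC-2021-0127. The `triage` and `exit_code` helpers, the `accepted` allow-list and the empty `vulnerabilities` section of the sample are assumptions; the sample report is constructed from the values quoted in the issue.

```python
import json

# Constructed sample: a trimmed report built from the warning quoted in the
# issue. The empty "vulnerabilities" section is an assumption about the part
# of the report the issue does not show.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {"found": False, "count": 0, "list": []},
    "warnings": {"unmaintained": [{
        "kind": "unmaintained",
        "package": {"name": "serde_cbor", "version": "0.11.2"},
        "advisory": {"id": "RUSTSEC-2021-0127",
                     "informational": "unmaintained", "withdrawn": None},
        "versions": {"patched": [], "unaffected": []},
    }]},
})


def triage(report_text, accepted=frozenset()):
    """Sort findings into blocking, needs_review and accepted buckets.

    `accepted` is a hypothetical allow-list of advisory ids the team has
    reviewed and decided to tolerate (for example a dev-only dependency).
    """
    report = json.loads(report_text)
    result = {"blocking": [], "needs_review": [], "accepted": []}
    for vuln in report.get("vulnerabilities", {}).get("list", []):
        pkg = vuln["package"]
        result["blocking"].append((vuln["advisory"]["id"], pkg["name"], pkg["version"]))
    for kind, entries in report.get("warnings", {}).items():
        for warning in entries:
            advisory = warning.get("advisory") or {}  # tolerate a null advisory
            if advisory.get("withdrawn"):
                continue  # advisory was retracted upstream
            pkg = warning["package"]
            item = (advisory.get("id"), kind, pkg["name"], pkg["version"])
            bucket = "accepted" if advisory.get("id") in accepted else "needs_review"
            result[bucket].append(item)
    return result


def exit_code(result):
    """Fail the job for vulnerabilities and for warnings nobody has reviewed."""
    return 1 if result["blocking"] or result["needs_review"] else 0


if __name__ == "__main__":
    outcome = triage(SAMPLE_REPORT)
    for bucket, items in outcome.items():
        for item in items:
            print(bucket, *item)
    print("exit code:", exit_code(outcome))
```

Once a warning has been reviewed, passing its id in `accepted` keeps it visible in the output without failing the job.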