search

kube-rs / kube

Rust Kubernetes client and controller runtime
https://kube.rs
Apache License 2.0
3.03k stars 314 forks source link

RUSTSEC-2024-0384: `instant` is unmaintained #1635

Open github-actions[bot] opened 1 week ago

github-actions[bot] commented 1 week ago
Details
Package instant
Version 0.1.13
Warning unmaintained
URL n/a
Patched Versions n/a

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

clux commented 1 week ago

Pulled in via backoff:

error[unmaintained]: `instant` is unmaintained
    ┌─ /github/workspace/Cargo.lock:107:1
    │
107 │ instant 0.1.13 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2024-0384
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0384
    ├ This crate is no longer maintained, and the author recommends using the maintained [`web-time`] crate instead.

      [`web-time`]: https://crates.io/crates/web-time
    ├ Solution: No safe upgrade is available!
    ├ instant v0.1.13
      └── backoff v0.4.0
          └── kube-runtime v0.96.0
flavio commented 1 week ago

Backoff is no longer maintained. I suggest switching to backon. We (Kubewarden team) have positive experience with that.

If you want I can help with the migration

clux commented 13 hours ago

backon sounds good to me. The backon author suggested as much as well in https://github.com/kube-rs/kube/issues/923#issuecomment-2323831562 and remember looking into it then as a (at the very least) suitable candidate. feel free to have a go if you have time - happy to assign you.