search

lucid-kv / lucid

High performance and distributed KV store w/ REST API. 🦀
https://clintnetwork.gitbook.io/lucid/
MIT License
378 stars 31 forks source link

RUSTSEC-2019-0031: spin is no longer actively maintained #41

Open github-actions[bot] opened 4 years ago

github-actions[bot] commented 4 years ago

spin is no longer actively maintained

Details
Status unmaintained
Package spin
Version 0.5.2
URL https://github.com/mvdnes/spin-rs/commit/7516c80
Date 2019-11-21
Unaffected versions > 0.5.2

The author of the spin crate does not have time or interest to maintain it.

Consider lock_api (a subproject of parking_lot) as an alternative which also supports no_std environments.

See advisory page for additional details.

shuni64 commented 4 years ago

We'll have to wait until the ring authors fix it in https://github.com/briansmith/ring/issues/921. We'll also have to update our dependencies to use a newer version of ring, which is probably going to involve changing parts of Lucid to use async-await syntax, although we can't do that without using the git repository revision of warp directly because version 0.2 isn't released on crates.io yet.

But this isn't too important to fix immediately, the spin crate still works and shouldn't break in the foreseeable future. Once everything is up-to-date and ring doesn't use it anymore this issue can be closed without requiring additional attention.

imclint21 commented 4 years ago

Alright @CephalonRho!