Closed stefano-garzarella closed 3 months ago
more information here: https://github.com/rustsec/advisory-db/issues/1921
I have a PR open to switch to a different crate: https://github.com/mehcode/config-rs/pull/474
If anyone wants to pick up my work there that's appreciated, otherwise I plan to get my PRs for this project when I can spare the time. Presently I'm hoping for that to be in April/May but I keep getting tied up elsewhere 😩
serde-yaml
used in https://github.com/mehcode/config-rs/pull/474 is also unmaintained 😓
serde-yaml
used in #474 is also unmaintained 😓
Oh I see it was archived with a final release just 2 days ago.
Perhaps it could be moved to the same rust org that config-rs is being relocated to for future maintenance? 🤷♂️
RUSTSEC-2024-0320 suggests another crate:
Consider switching to the actively maintained
yaml-rust2
fork of the original project:
Yaml-rust2's author is also active in https://github.com/rustsec/advisory-db/issues/1921 issue linked in https://github.com/mehcode/config-rs/issues/553#issuecomment-2020516550 .
@0rzech thanks for the quick fix! @matthiasbeyer is there a release planned soon with this fix?
Thanks, Stefano
No, see #549 .
We are using this crate in https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock We run
cargo-audit
in our CI which now is reporting that a dependency of this crate is unmaintained: