search

mehcode / config-rs

⚙️ Layered configuration system for Rust applications (with strong support for 12-factor applications).
Apache License 2.0
2.43k stars 206 forks source link

yaml-rust is unmaintained - replace with yaml-rust2? #558

Closed bcorey closed 2 months ago

bcorey commented 2 months ago

cargo deny reports that yaml-rust is unmaintained and recommends replacing it with the yaml-rust2 fork. It looks to be a drop-in replacement.


Run cargo deny check advisories
2024-04-15 04:05:06 [WARN] unable to find a config path, falling back to default config
error[unmaintained]: yaml-rust is unmaintained.
    ┌─ /home/runner/work/zero2prod2/zero2prod2/Cargo.lock:278:1
    │
278 │ yaml-rust 0.4.5 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- unmaintained advisory detected
    │
    = ID: RUSTSEC-2024-0320
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0320
    = The maintainer seems [unreachable](https://github.com/chyh1990/yaml-rust/issues/197).

      Many issues and pull requests have been submitted over the years
      without any [response](https://github.com/chyh1990/yaml-rust/issues/160).

      ## Alternatives

      Consider switching to the actively maintained `yaml-rust2` fork of the original project:

      - [yaml-rust2](https://github.com/Ethiraric/yaml-rust2)
      - [yaml-rust2 @ crates.io](https://crates.io/crates/yaml-rust2))
    = Announcement: https://github.com/rustsec/advisory-db/issues/1921
    = Solution: No safe upgrade is available!
    = yaml-rust v0.4.5
      └── config v0.14.0
          └── zero2prod2 v0.1.0
bcorey commented 2 months ago

change already made on master

tahaafzal5 commented 1 month ago

If the change is merged into master already, would any of the maintainers publish a new version please?