search

mehcode / config-rs

⚙️ Layered configuration system for Rust applications (with strong support for 12-factor applications).
Apache License 2.0
2.43k stars 206 forks source link

Switch from yaml-rust to yaml-rust2 #567

Closed gionapaolini closed 3 weeks ago

gionapaolini commented 3 weeks ago

It looks like the yaml-rust crate is not actively maintained anymore.

cargo-deny (https://github.com/EmbarkStudios/cargo-deny) suggests to switch to yaml-rust2

cargo deny check advisories

error[unmaintained]: yaml-rust is unmaintained.
    ┌─ ....../Cargo.lock:313:1
    │
313 │ yaml-rust 0.4.5 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- unmaintained advisory detected
    │
    = ID: RUSTSEC-2024-0320
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0320
    = The maintainer seems [unreachable](https://github.com/chyh1990/yaml-rust/issues/197).

      Many issues and pull requests have been submitted over the years
      without any [response](https://github.com/chyh1990/yaml-rust/issues/160).

      ## Alternatives

      Consider switching to the actively maintained `yaml-rust2` fork of the original project:

      - [yaml-rust2](https://github.com/Ethiraric/yaml-rust2)
      - [yaml-rust2 @ crates.io](https://crates.io/crates/yaml-rust2))
    = Announcement: https://github.com/rustsec/advisory-db/issues/1921
    = Solution: No safe upgrade is available!
    = yaml-rust v0.4.5
      └── config v0.14.0
gionapaolini commented 3 weeks ago

I apologise for the oversight, there is already a merged pr for that https://github.com/mehcode/config-rs/pull/554

Closing