servo / font-kit

A cross-platform font loading library written in Rust
Apache License 2.0
RUSTSEC-2020-0053: dirs: dirs is unmaintained, use dirs-next instead #173

Closed brightly-salty closed 3 years ago

brightly-salty commented 3 years ago

After running cargo audit on my project, which has a transient dependence on font-kit, I got the following security advisory concerning the dirs dependency:

```
Crate:         dirs
Version:       2.0.2
Warning:       unmaintained
Title:         dirs is unmaintained, use dirs-next instead
Date:          2020-10-16
ID:            RUSTSEC-2020-0053
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0053
Dependency tree:
dirs 2.0.2
└── font-kit 0.8.0
```

From the website, dirs-next would be a good replacement (I think drop-in?). I do realize this is a previous release, but I checked the current release, and dirs is still depended upon for some architectures.

jdm commented 3 years ago

Want to make a pull request?

brightly-salty commented 3 years ago

Sure, I can try to attempt it.