Could we get a release with a bumped version of nix?

svartalf / rust-battery

Rust crate providing cross-platform information about the notebook batteries.

https://crates.io/crates/battery

Apache License 2.0

354 stars 40 forks source link

Could we get a release with a bumped version of nix? #91

Open ClementTsang opened 2 years ago

ClementTsang commented 2 years ago

One of the dependencies, nix 0.19, has a security vulnerability and 0.19 does not have a patch with the fix, with only versions 0.20 and greater having patches to fix the vuln.

Would be great if we could get a dependency version bump + release to address this. I tried updating nix to 0.22 and it seems to work fine (0.23 uses a newer version of bitflags which might problems for others).

Let me know if I can help in any way, thanks!

rtzoeller commented 2 years ago

Note that nix 0.24.1 is now out. The 0.24 release splits nix into features, so I'd recommend updating to that and enabling just the features you need to improve compile times (setting default-features = false along the way).

ClementTsang commented 2 years ago

Anyone coming across this issue may want to consider migrating to https://crates.io/crates/starship-battery instead.