cargo-deny issue due to transitive dependency `safemem`, which is no longer maintained - Githubissues

trishume / syntect

Rust library for syntax highlighting using Sublime Text syntax definitions.

https://docs.rs/syntect

MIT License

1.85k stars 130 forks source link

cargo-deny issue due to transitive dependency `safemem`, which is no longer maintained #521

Open nazmulidris opened 4 months ago

nazmulidris commented 4 months ago

The safemem crate is no longer maintained: https://rustsec.org/advisories/RUSTSEC-2023-0081.html

Here's the transitive dependency that syntect has on this crate, via plist, via line-wrap.

Here’s the plist crate that is used
- This has a dependency on line-wrap
  - Which has a dependency on safemem

line-wrap has made the necessary changes and published v0.2.0:

https://bitbucket.org/marshallpierce/line-wrap-rs/issues/1/safemem-crate-is-unmaintained-and-archived

However, changes have not currently been made to plist, though this issue is open: https://github.com/ebarnard/rust-plist/pull/134/

nazmulidris commented 3 months ago

plist has updated it's dependencies, and moved away from using safemem. https://github.com/ebarnard/rust-plist/pull/134

Can Cargo.toml be updated to use this latest version?