Open d3rpp opened 2 months ago
Update: it appears, yaml-rust
isn't being used in the crate at all?
I'll submit a PR to run the update regardless, though it may be worth looking into removing it all together since the dependency doesn't seem to be referenced in the code at all.
Update: it appears,
yaml-rust
isn't being used in the crate at all?
It's used throughout this file
Update: it appears,
yaml-rust
isn't being used in the crate at all?It's used throughout this file
Ah, my apologies
yaml-rust
appears to be unmaintained, however, the community has published an actively maintained fork under the name ofyaml-rust2
, It is a drop in replacement.Details on "Vulnerability" - RUSTSEC-2024-0320.
Assuming this isn't a duplicate (I could not find this being brought up before in this issues list), I will submit a PR dropping this in, it's a single line so assuming the developers of
yaml-rust2
didn't change the API, shouldn't be an issue.