Fix unmaintained audit warning for yaml-rust

trishume / syntect

Rust library for syntax highlighting using Sublime Text syntax definitions.

https://docs.rs/syntect

MIT License

1.89k stars 132 forks source link

Fix unmaintained audit warning for yaml-rust #544

Open SleeplessOne1917 opened 4 months ago

SleeplessOne1917 commented 4 months ago

When running cargo audit on this repo, I get a warning that yaml-rust is no longer maintained:

Crate:     yaml-rust
Version:   0.4.5
Warning:   unmaintained
Title:     yaml-rust is unmaintained.
Date:      2024-03-20
ID:        RUSTSEC-2024-0320
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0320
Dependency tree:
yaml-rust 0.4.5
└── syntect 5.2.0

This PR replaces that dependency with yaml-rust2, which does the same thing and has the same API, but is also actively maintained.

Some other warnings popped up as well, but they were related to dev dependencies, so likely not a big deal.

SleeplessOne1917 commented 4 months ago

I really need to check the PR tracker first, as there is already a PR for this with #538. Maintainers' call as to which PR to use.

Enselic commented 4 months ago

I've looked at the others and I think this PR is the one to use.

Can you fix the CI failure please?

Note to self: There is no Cargo.lock diff since there is no Cargo.lock.

SleeplessOne1917 commented 4 months ago

Failures for 2 of the steps are saying Makefile.sublime-syntax: Invalid YAML file syntax: comments must be separated from other tokens by whitespace at byte 10 line 2 column 1. Do you know where I can find that file, as it's not showing up when I search through the project files.

Also, I'm not sure what to do about the minimum supported rust version test.

keith-hall commented 4 months ago

Makefile.sublime-syntax is in the testdata folder, Packages submodule, Makefile subfolder

If the yaml specification and version of the yaml file hasn't changed, why is it reporting a parse error I wonder when it didn't before?

SleeplessOne1917 commented 4 months ago

Makefile.sublime-syntax is in the testdata folder, Packages submodule, Makefile subfolder

Is that file supposed to be generated? I don't see anyhthing in that directory.

keith-hall commented 4 months ago

It will appear when you checkout the git submodules https://github.com/trishume/syntect#getting-started

SleeplessOne1917 commented 4 months ago

I did some investigation and it turns out yaml-rust2 is buggy. It doesn't recognize this kind of header for YAML files:

%YAML 1.2
---
# actual content here

It is also unable to parse Markdown.sublime-syntax. To check that it was an issue with the library and not the YAML file itself, I pasted the contents into this YAML validator and it says it's valid. I tested the same file in a little test project I threw together and, surely enough, it gave me the same errors it gave in this repo's CI tests.

I'll open an issue on the library's repository.

Ethiraric commented 4 months ago

Also, I'm not sure what to do about the minimum supported rust version test.

If you were using yaml-rust, you can disable the default features of yaml-rust2 to lower MSRV from 1.70 to 1.65.

Enselic commented 4 months ago

Feel free to bump MSRV if needed

Ethiraric commented 1 week ago

Hi! If you still want to transition to yaml-rust2, is there anything I can help you with?

SleeplessOne1917 commented 1 week ago

@Ethiraric I forgot about this PR. I'll squeeze some time in this week to see if there's anything I can address on my end to get the build passing.