RUSTSEC-2024-0320: yaml-rust is unmaintained.

wnfs-wg / rs-wnfs

Rust implementation of the WebNative FileSystem (WNFS) specification

https://github.com/wnfs-wg

Apache License 2.0

145 stars 23 forks source link

RUSTSEC-2024-0320: yaml-rust is unmaintained. #418

Closed github-actions[bot] closed 1 month ago

github-actions[bot] commented 7 months ago

yaml-rust is unmaintained.

Details
Status	unmaintained
Package	`yaml-rust`
Version	`0.4.5`
URL	https://github.com/rustsec/advisory-db/issues/1921
Date	2024-03-20

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years without any response.

Alternatives

Consider switching to the actively maintained yaml-rust2 fork of the original project:

See advisory page for additional details.

matheus23 commented 1 month ago

I don't see this in our dependency tree anymore:

$ cargo tree -i yaml-rust
warning: virtual workspace defaulting to `resolver = "1"` despite one or more workspace members being on edition 2021 which implies `resolver = "2"`
note: to keep the current resolver, specify `workspace.resolver = "1"` in the workspace root's manifest
note: to use the edition 2021 resolver, specify `workspace.resolver = "2"` in the workspace root's manifest
note: for more details see https://doc.rust-lang.org/cargo/reference/resolver.html#resolver-versions
error: package ID specification `yaml-rust` did not match any packages