simba icon indicating copy to clipboard operation
simba copied to clipboard
verified publisher icon dimforge

`paste` dependency is no longer maitained

Open djmaxus opened this issue 8 months ago • 1 comments

How to reproduce

  1. Obtain simba 0.9.0 source code
  2. Install caro-audit
  3. Run cargo audit -Dwarnings in the crate's root

Result:

Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── simba 0.9.0

P.S. My crate indirectly depends on simba (via nalgerbra). My motivation to submit this issue might be a matter of taste: my CI requires cargo audit -Dwarnings to pass, which is probably too pedantic. Anyway, thank you for considering this issue, and please ask me to elaborate on my very brief report if needed.

djmaxus avatar Apr 06 '25 14:04 djmaxus

I have the same issue.

For reference, aws-lc-rs removed paste as a dependency last month to address this issue: https://github.com/aws/aws-lc-rs/issues/722

onyiny-ang avatar Apr 07 '25 20:04 onyiny-ang