rustypaste-cli
rustypaste-cli copied to clipboard
orhun
RUSTSEC-2023-0050: multipart is Unmaintained
multipart is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | multipart |
| Version | 0.18.0 |
| URL | |
| Date | 2023-04-11 |
The multipart crate is unmaintained. The author has archived the github
repository.
Alternatives:
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I currently only looked at how multer works, but maybe there is a way to use a framework that already allows multipart data. I am also not too familiar with streams in Rust, so I should probably not touch this code for now. The current issue I see is that ureq uses blocking IO, while most other frameworks use async. e.g. multer also uses async.
There is also a fork of multipart available ureq_multipart, but I have no idea of the status.
I don't know, maybe switching to another http client lib like reqwest might be a better move. But I really have no idea. Maybe @orhun can estimate the complexity of using an async multipart crate in a blocking env, versus changing the http client library.
I tried to implement rustypaste-cli with as few dependencies as possible so I went with ureq in the beginning. From the looks of our available options, it seems pretty bad/painful either way. I will look into it in more detail soon.
I understand. It makes perfect sense. ureq still seems to be maintained. So maybe the easiest would be for now just to use ureq_multipart.
In the future when you are bored you can always switch to an async http client. ;-)