
RUSTSEC-2024-0320: yaml-rust is unmaintained.

Open github-actions[bot] opened this issue 1 year ago • 4 comments

yaml-rust is unmaintained.

Details
Status: unmaintained
Package: yaml-rust
Version: 0.4.5
URL: https://github.com/rustsec/advisory-db/issues/1921
Date: 2024-03-20

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years without any response.

Alternatives

Consider switching to the actively maintained yaml-rust2 fork of the original project:

See advisory page for additional details.

Apr 28 '24 00:04 github-actions[bot]

Looks like we need a new release of the config dependency for resolving this.

Apr 28 '24 01:04 orhun

This will be interesting, especially since config-rs is unmaintained as well.

Jun 05 '24 11:06 tessus

everything is falling apart 🥲

Jun 05 '24 16:06 orhun

The config crate is used extensively in the Rust ecosystem, thus I believe a new maintainer will be found sooner or later.

But yes, I never liked these dependencies. In C you had a few include files and sometimes 3rd party libs, but that was it. Every single Rust project has at least 10 dependencies. This was always something that made me slightly nervous.

Jun 05 '24 23:06 tessus