RUSTSEC-2024-0419: gtk-rs GTK3 bindings - no longer maintained

[github-actions[bot]]

gtk-rs GTK3 bindings - no longer maintained

Details
Status	unmaintained
Package	gtk3-macros
Version	0.18.2
URL	https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6
Date	2024-03-04

The gtk-rs GTK3 bindings are no longer maintained.

The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained.

Please take a look at gtk4-rs instead.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2024-0419.html) for additional details.

[Taxrosdev]

@FabianLars Why was this closed? it appears Tauri and Tao still depend on gtk3. I'm constantly getting dependabot security warnings about a library GTK3 depends on being vulnerable, because GTK3 requires an old version of that library.

Looking at the crates.io page for this project shows that it's still in use.

In WRY it was closed as not planned, and it is rather confusing as to why anyone would want a potential security issue to be treated as "not planned".

[FabianLars]

no worries, we plan to downgrade to gtk2 asap. that should get rid of the dependabot warnings :)

In WRY it was closed as not planned, and it is rather confusing as to why anyone would want a potential security issue to be treated as "not planned".

Not Planned is for duplicate issues:

I used github refined's batch close feature for those which sadly means that the issue they were closed as a duplicate of wasn't linked. That's ofc my bad, i didn't have that in mind.

In tao i wanted to do the same but misclicked on Close as completed. I also didn't mean to close all 10 of them in this repo as there's no , so thanks for reaching out. I'll reopen this one here then.

---

See https://github.com/tauri-apps/tauri/issues/11928#issuecomment-2593850510 for a general roadmap for gtk4 support (no timelines). At this point in time i doubt we can get rid of gtk3 in 2025 unless we get some serious help.