rgit
rgit copied to clipboard
w4
RUSTSEC-2024-0320: yaml-rust is unmaintained.
yaml-rust is unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | yaml-rust |
| Version | 0.4.5 |
| URL | https://github.com/rustsec/advisory-db/issues/1921 |
| Date | 2024-03-20 |
The maintainer seems unreachable.
Many issues and pull requests have been submitted over the years without any response.
Alternatives
Consider switching to the actively maintained yaml-rust2 fork of the original project:
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
stappers@juli:~/src/rgit
$ git pull
Already up to date.
stappers@juli:~/src/rgit
$ git remote -v
origin https://github.com/w4/rgit.git (fetch)
origin https://github.com/w4/rgit.git (push)
stappers@juli:~/src/rgit
$ grep -ir yaml
tree-sitter-grammar-repository/build.rs: "llvm-mir-yaml",
stappers@juli:~/src/rgit
$
@github-actions bump, rescan or whatever.
As I see it, crate yaml-rust is for this git repository a secondary crate. With secondary crate do I mean "not a crate that was chosen, a crate being pulling in by crate that were chosen".
stappers@juli:~/src/rgit $ git pull Already up to date. stappers@juli:~/src/rgit $ git remote -v origin https://github.com/w4/rgit.git (fetch) origin https://github.com/w4/rgit.git (push) stappers@juli:~/src/rgit $ grep -ir yaml tree-sitter-grammar-repository/build.rs: "llvm-mir-yaml", stappers@juli:~/src/rgit $@github-actions bump, rescan or whatever.
When bump or rescan is not possible, close this issue.
The closing has some benefits:
- The closed issue wouldn't drain further human energy.
- "github-actions" can report it again, if again
yaml-rustusage is detected.