witnet-rust icon indicating copy to clipboard operation
witnet-rust copied to clipboard

Published 20 hours ago verified publisher icon witnet

RUSTSEC-2020-0016: `net2` crate has been deprecated; use `socket2` instead

Open github-actions[bot] opened this issue 5 years ago • 2 comments

net2 crate has been deprecated; use socket2 instead

Details
Status unmaintained
Package net2
Version 0.2.34
URL https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091
Date 2020-05-01

The net2 crate has been deprecated and users are encouraged to considered socket2 instead.

See advisory page for additional details.

github-actions[bot] avatar May 18 '20 00:05 github-actions[bot]

Updating to reqwest v0.10.8 removes one of the net2 subdependencies, but h2 v0.2.6 is at its newest version and still uses this:

│   ├── reqwest v0.10.8 (most recent)
│   │   ├── hyper v0.13.8 (most recent)
│   │   │   ├── h2 v0.2.6 (most recent)
│   │   │   │   ├── tokio v0.2.11 (v0.2.22 available)
│   │   │   │   │   ├── mio v0.6.21 (v0.7.1 available)
│   │   │   │   │   │   ├── net2 v0.2.33

I guess until h2 updates its dependencies, this is stuck?

drcpu-github avatar Oct 02 '20 07:10 drcpu-github

You can use cargo tree -i net2 to see all of our dependencies that use net2, and they include many packages so this cannot be fixed for now

tmpolaczyk avatar Oct 28 '20 12:10 tmpolaczyk