cargo-deny issue due to transitive dependency safemem, which is no longer maintained
#521
Comments
nazmulidris
changed the title
safemem is no longer maintainedsafemem, which is no longer maintained
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 1, 2024
Ignoring `RUSTSEC-2023-0081`, which is about `safemem` being unmaintained. This is a transitive dependency of syntect. This bug is tracked upstream inside of trishume/syntect#521 Signed-off-by: Flavio Castelli <[email protected]>
|
Can |
nazmulidris
added a commit
to r3bl-org/r3bl-open-core
that referenced
this issue
Apr 15, 2024
…all ambiguous names to be explicit This is an attempt to isolate the use of syntect to just 1 crate: r3bl_tui. It has been removed from the core crate. However, it is not possible to remove syntect from the lolcat / color_wheel modules as they are intrinsically tied together. Basically, they need to be able to render output, and for that they need to be in the r3bl_tui crate which has a dependency on syntect and this can't be removed. safemem is no longer maintained, you can see the following output from running cargo deny check advisories. 180 │ safemem 0.3.3 registry+https://github.com/rust-lang/crates.io-index │ ------------------------------------------------------------------- unmaintained advisory detected │ = ID: RUSTSEC-2023-0081 = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0081 = The latest crates.io release was in 2019. The repository has been archived by the author. = Announcement: https://github.com/abonander/safemem = Solution: No safe upgrade is available! = safemem v0.3.3 └── line-wrap v0.1.1 └── plist v1.6.0 └── syntect v5.1.0 └── r3bl_tui v0.5.2 └── r3bl-cmdr v0.0.11 More info: - #314 - ebarnard/rust-plist#134 - trishume/syntect#521 This `safemem` issue is resolved since the dependencies of syntect, `line-wrap` and `plist` are both updated. By pinning the version of `plist` to `1.6.1` (`cargo update -p plist --precise 1.6.1`) and checking in `Cargo.toml`, this resolves the `safemem` issue.
nazmulidris
added a commit
to r3bl-org/r3bl-open-core
that referenced
this issue
Apr 15, 2024
…all ambiguous names to be explicit This is an attempt to isolate the use of syntect to just 1 crate: r3bl_tui. It has been removed from the core crate. However, it is not possible to remove syntect from the lolcat / color_wheel modules as they are intrinsically tied together. Basically, they need to be able to render output, and for that they need to be in the r3bl_tui crate which has a dependency on syntect and this can't be removed. safemem is no longer maintained, you can see the following output from running cargo deny check advisories. 180 │ safemem 0.3.3 registry+https://github.com/rust-lang/crates.io-index │ ------------------------------------------------------------------- unmaintained advisory detected │ = ID: RUSTSEC-2023-0081 = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0081 = The latest crates.io release was in 2019. The repository has been archived by the author. = Announcement: https://github.com/abonander/safemem = Solution: No safe upgrade is available! = safemem v0.3.3 └── line-wrap v0.1.1 └── plist v1.6.0 └── syntect v5.1.0 └── r3bl_tui v0.5.2 └── r3bl-cmdr v0.0.11 More info: - #314 - ebarnard/rust-plist#134 - trishume/syntect#521 This `safemem` issue is resolved since the dependencies of syntect, `line-wrap` and `plist` are both updated. By pinning the version of `plist` to `1.6.1` (`cargo update -p plist --precise 1.6.1`) and checking in `Cargo.toml`, this resolves the `safemem` issue.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
safememcrate is no longer maintained: https://rustsec.org/advisories/RUSTSEC-2023-0081.htmlHere's the transitive dependency that
syntecthas on this crate, viaplist, vialine-wrap.line-wraphas made the necessary changes and published v0.2.0:However, changes have not currently been made to
plist, though this issue is open:ebarnard/rust-plist#134
The text was updated successfully, but these errors were encountered: