Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2020-0016: net2 crate has been deprecated; use socket2 instead #760

Closed
github-actions bot opened this issue May 18, 2020 · 9 comments
Closed

RUSTSEC-2020-0016: net2 crate has been deprecated; use socket2 instead #760

github-actions bot opened this issue May 18, 2020 · 9 comments
Labels
S-blocked Status: marked as blocked ❌ on something else such as an RFC or other implementation work.

Comments

@github-actions
Copy link

net2 crate has been deprecated; use socket2 instead

Details
Status unmaintained
Package net2
Version 0.2.34
URL deprecrated/net2-rs@3350e38
Date 2020-05-01

The net2 crate has been deprecated
and users are encouraged to considered socket2 instead.

See advisory page for additional details.
@Nemo157
Copy link
Member

Nemo157 commented May 18, 2020

This is coming in from hyper (hyperium/hyper#2205) and mio (no upstream issue yet).

@Nemo157
Copy link
Member

Nemo157 commented May 18, 2020

mio v0.7 has moved net2 to be just a dev-dependency, presumably this will be included with tokio v0.3 which is currently ~2 months past its expected release.

@Nemo157 Nemo157 added the S-blocked Status: marked as blocked ❌ on something else such as an RFC or other implementation work. label Jun 1, 2020
@conradgrobler conradgrobler mentioned this issue Jul 17, 2020
Closed
@jyn514
Copy link
Member

jyn514 commented Apr 18, 2021

We still have this in our dependency tree through notify.

$ cargo tree -i net2
net2 v0.2.37
└── mio v0.6.23
    ├── mio-extras v2.0.6
    │   └── notify v4.0.15
    │       └── docs-rs v0.6.0 (/home/joshua/src/rust/docs.rs)
    └── notify v4.0.15 (*)

@jyn514
Copy link
Member

jyn514 commented Apr 18, 2021

It looks like this will be fixed in notify 5.0: https://github.com/notify-rs/notify/blob/4a3f5a35d15dbed5611732016f90c785fdf0f0ac/Cargo.toml#L35

@syphar
Copy link
Member

syphar commented Nov 6, 2021

cargo tree -i net2 is empty now.

@syphar syphar closed this as completed Nov 6, 2021
@syphar syphar reopened this Nov 6, 2021
@syphar
Copy link
Member

syphar commented Nov 6, 2021

cargo audit still returns net2 and it's also in cargo.lock. looking further

@jyn514
Copy link
Member

jyn514 commented Nov 6, 2021

@syphar maybe it's platform dependent? There's probably some flag we can pass to audit to tell it to only look at Linux.

@syphar
Copy link
Member

syphar commented Nov 6, 2021

I think audit is correct here,
only my cargo tree -i net2 call needs --target to provide the right output

@syphar syphar mentioned this issue Dec 18, 2022
Merged
@syphar
Copy link
Member

syphar commented Dec 25, 2022

closing #1963 is merged

@syphar syphar closed this as completed Dec 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S-blocked Status: marked as blocked ❌ on something else such as an RFC or other implementation work.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Nemo157 @syphar @jyn514