cargo-deny issue due to transitive dependency `safemem`, which is no longer maintained #521
nazmulidris changed the title from "cargo-deny issue due to transitive dependency `safemem` is no longer maintained" to "cargo-deny issue due to transitive dependency `safemem`, which is no longer maintained" on Feb 28, 2024
flavio added a commit to flavio/kwctl that referenced this issue Mar 1, 2024

Ignoring `RUSTSEC-2023-0081`, which is about `safemem` being unmaintained.

This is a transitive dependency of syntect. This bug is tracked upstream inside of trishume/syntect#521

Signed-off-by: Flavio Castelli <[email protected]>
Can |
nazmulidris added a commit to r3bl-org/r3bl-open-core that referenced this issue Apr 15, 2024

…all ambiguous names to be explicit

This is an attempt to isolate the use of syntect to just 1 crate: r3bl_tui. It has been removed from the core crate. However, it is not possible to remove syntect from the lolcat / color_wheel modules as they are intrinsically tied together. Basically, they need to be able to render output, and for that they need to be in the r3bl_tui crate which has a dependency on syntect and this can't be removed.

safemem is no longer maintained, you can see the following output from running cargo deny check advisories.

180 │ safemem 0.3.3 registry+https://github.com/rust-lang/crates.io-index
    │ ------------------------------------------------------------------- unmaintained advisory detected
    │
    = ID: RUSTSEC-2023-0081
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0081
    = The latest crates.io release was in 2019. The repository has been archived by the author.
    = Announcement: https://github.com/abonander/safemem
    = Solution: No safe upgrade is available!
    = safemem v0.3.3
      └── line-wrap v0.1.1
          └── plist v1.6.0
              └── syntect v5.1.0
                  └── r3bl_tui v0.5.2
                      └── r3bl-cmdr v0.0.11

More info:
- #314
- ebarnard/rust-plist#134
- trishume/syntect#521

This `safemem` issue is resolved since the dependencies of syntect, `line-wrap` and `plist` are both updated. By pinning the version of `plist` to `1.6.1` (`cargo update -p plist --precise 1.6.1`) and checking in `Cargo.toml`, this resolves the `safemem` issue.
The `safemem` crate is no longer maintained: https://rustsec.org/advisories/RUSTSEC-2023-0081.html

Here's the transitive dependency that `syntect` has on this crate, via `plist`, via `line-wrap`.

`line-wrap` has made the necessary changes and published v0.2.0:

However, changes have not currently been made to `plist`, though this issue is open: ebarnard/rust-plist#134