This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

twoway dependency is dead #143

Open
kornelski opened this issue Jun 20, 2022 · 6 comments

@kornelski

The twoway crate is obsolete. I suggest replacing it with memchr. The twoway crate also breaks Cargo's -Z minimal-versions option, because it can indirectly cause libc 0.1 to be pulled in.

@michalfita

@abonander is this crate still maintained? Apart from the fact that twoway is deprecated, this crate uses an old version, causing cargo deny to bark at me in red if I want to use pact_consumer.

FYI: @ferdonline

@oherrala
Contributor

Deprecation was also announced in RustSec's advisory DB yesterday: https://rustsec.org/advisories/RUSTSEC-2021-0146

@kpcyrd

kpcyrd commented Jan 19, 2023

I don't know if the deprecation of twoway is worth the advisory; using warp currently causes my project to be flagged with https://osv.dev/RUSTSEC-2021-0146 by osv-scanner.

There's an open PR to fix this: #144

I also noticed multipart uses a very old code style; it still has clippy as a dependency and extern crate style imports.

@michalfita

I'm afraid @abonander abandoned this project and soon it would get its own advisory.

@oherrala
Contributor

> I'm afraid @abonander abandoned this project and soon it would get its own advisory.

rustsec/advisory-db#1438

@michalfita

michalfita commented Jan 20, 2023

Oh wow... Worse than I thought. Do we have alternatives?

BTW it's time crates.io shows advisories as warnings.

flavio added a commit to flavio/policy-server that referenced this issue Jan 25, 2023
Cargo audit is now failing because of [RUSTSEC-2021-0146](https://rustsec.org/advisories/RUSTSEC-2021-0146).

This is about `twoway` not being maintained anymore.
This is a transitive dependency of `multipart`, which is
a dependency of `warp`.

This is the GH issue that describes
the problem: abonander/multipart#143

Signed-off-by: Flavio Castelli <fcastelli@suse.com>