Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Maintenance #45

Open
Veetaha opened this issue Jul 22, 2020 · 1 comment
Open

Maintenance #45

Veetaha opened this issue Jul 22, 2020 · 1 comment

Comments

@Veetaha
Copy link

Veetaha commented Jul 22, 2020

Hi all, might I ask you what is the current status of this crate? There hasn't been a release to crates.io for 2 years and issues/PRs don't get forward... Are there any blockers? If you feel you don't have time/motivation to maintain this project, I'd suggest sharing the rights to push/publish the crate to some contributors

cc @johannhof

This was referenced Jan 6, 2021
@gilescope
Copy link

His github status at the moment is: "No time to maintain personal projects at the moment" so that confirms it.

gitlab-dfinity pushed a commit to dfinity/ic that referenced this issue Dec 28, 2023
fix: fix multiple advisory warnings and 1 error found by cargo-deny

Openssl is removed (again) from Cargo.toml.

The following warnings are removed from the repository.
```
error[xxx]: Tungstenite allows remote attackers to cause a denial of service
     ┌─ /ic/Cargo.lock:1331:1
     │
1331 │ tungstenite 0.17.3 registry+https://github.com/rust-lang/crates.io-index
     │ ------------------------------------------------------------------------ security xxx detected
     │
     = ID: RUSTSEC-2023-0065
     = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0065
     = The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
       a denial of service (minutes of CPU consumption) via an excessive length of an
       HTTP header in a client handshake. The length affects both how many times a parse
       is attempted (e.g., thousands of times) and the average amount of data for each
       parse attempt (e.g., millions of bytes).
     = Announcement: snapview/tungstenite-rs#376
     = Solution: Upgrade to >=0.20.1 (try `cargo update -p tungstenite`)


warning[unmaintained]: difference is unmaintained
    ┌─ /ic/Cargo.lock:267:1
    │
267 │ difference 2.0.0 registry+https://github.com/rust-lang/crates.io-index
    │ ---------------------------------------------------------------------- unmaintained advisory detected
    │
    = ID: RUSTSEC-2020-0095
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0095
    = The author of the `difference` crate is unresponsive.
      
      Maintained alternatives:
      
      - [`dissimilar`](https://crates.io/crates/dissimilar)
      
      - [`similar`](https://crates.io/crates/similar)
      
      - [`treediff`](https://crates.io/crates/treediff)
      
      - [`diffus`](https://crates.io/crates/diffus)
    = Announcement: johannhof/difference.rs#45
    = Solution: No safe upgrade is available!


warning[unsound]: Unaligned write of u64 on 32-bit and 16-bit platforms
     ┌─ /ic/Cargo.lock:1355:1
     │
1355 │ unsafe-libyaml 0.2.9 registry+https://github.com/rust-lang/crates.io-index
     │ -------------------------------------------------------------------------- unsound advisory detected
     │
     = ID: RUSTSEC-2023-0075
     = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0075
     = Affected versions allocate memory using the alignment of `usize` and write data
       to it of type `u64`, without using `core::ptr::write_unaligned`. In platforms
       with sub-64bit alignment for `usize` (including wasm32 and x86) these writes
       are insufficiently aligned some of the time.
       
       If using an ordinary optimized standard library, the bug exhibits Undefined
       Behavior so may or may not behave in any sensible way, depending on
       optimization settings and hardware and other things. If using a Rust standard
       library built with debug assertions enabled, the bug manifests deterministically
       in a crash (non-unwinding panic) saying _"ptr::write requires that the pointer
       argument is aligned and non-null"_.
       
       No 64-bit platform is impacted by the bug.
       
       The flaw was corrected by allocating with adequately high alignment on all
       platforms.
     = Announcement: dtolnay/unsafe-libyaml#21
     = Solution: Upgrade to >=0.2.10 (try `cargo update -p unsafe-libyaml`)



warning[yanked]: detected yanked crate (try `cargo update -p ahash`)
   ┌─ /ic/Cargo.lock:20:1
   │
20 │ ahash 0.7.6 registry+https://github.com/rust-lang/crates.io-index
   │ ----------------------------------------------------------------- yanked version

warning[yanked]: detected yanked crate (try `cargo update -p ahash`)
   ┌─ /ic/Cargo.lock:21:1
   │
21 │ ahash 0.8.3 registry+https://github.com/rust-lang/crates.io-index
   │ ----------------------------------------------------------------- yanked version

warning[yanked]: detected yanked crate (try `cargo update -p hermit-abi`)
    ┌─ /ic/Cargo.lock:385:1
    │
385 │ hermit-abi 0.3.1 registry+https://github.com/rust-lang/crates.io-index
    │ ---------------------------------------------------------------------- yanked version
``` 

See merge request dfinity-lab/public/ic!16899
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants