-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Maintenance #45
Comments
This was referenced Jan 6, 2021
His github status at the moment is: "No time to maintain personal projects at the moment" so that confirms it. |
This was referenced Oct 7, 2021
This was referenced Nov 24, 2021
This was referenced Dec 8, 2021
This was referenced May 1, 2022
This was referenced May 21, 2022
gitlab-dfinity
pushed a commit
to dfinity/ic
that referenced
this issue
Dec 28, 2023
fix: fix multiple advisory warnings and 1 error found by cargo-deny Openssl is removed (again) from Cargo.toml. The following warnings are removed from the repository. ``` error[xxx]: Tungstenite allows remote attackers to cause a denial of service ┌─ /ic/Cargo.lock:1331:1 │ 1331 │ tungstenite 0.17.3 registry+https://github.com/rust-lang/crates.io-index │ ------------------------------------------------------------------------ security xxx detected │ = ID: RUSTSEC-2023-0065 = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0065 = The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). = Announcement: snapview/tungstenite-rs#376 = Solution: Upgrade to >=0.20.1 (try `cargo update -p tungstenite`) warning[unmaintained]: difference is unmaintained ┌─ /ic/Cargo.lock:267:1 │ 267 │ difference 2.0.0 registry+https://github.com/rust-lang/crates.io-index │ ---------------------------------------------------------------------- unmaintained advisory detected │ = ID: RUSTSEC-2020-0095 = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0095 = The author of the `difference` crate is unresponsive. Maintained alternatives: - [`dissimilar`](https://crates.io/crates/dissimilar) - [`similar`](https://crates.io/crates/similar) - [`treediff`](https://crates.io/crates/treediff) - [`diffus`](https://crates.io/crates/diffus) = Announcement: johannhof/difference.rs#45 = Solution: No safe upgrade is available! warning[unsound]: Unaligned write of u64 on 32-bit and 16-bit platforms ┌─ /ic/Cargo.lock:1355:1 │ 1355 │ unsafe-libyaml 0.2.9 registry+https://github.com/rust-lang/crates.io-index │ -------------------------------------------------------------------------- unsound advisory detected │ = ID: RUSTSEC-2023-0075 = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0075 = Affected versions allocate memory using the alignment of `usize` and write data to it of type `u64`, without using `core::ptr::write_unaligned`. In platforms with sub-64bit alignment for `usize` (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary optimized standard library, the bug exhibits Undefined Behavior so may or may not behave in any sensible way, depending on optimization settings and hardware and other things. If using a Rust standard library built with debug assertions enabled, the bug manifests deterministically in a crash (non-unwinding panic) saying _"ptr::write requires that the pointer argument is aligned and non-null"_. No 64-bit platform is impacted by the bug. The flaw was corrected by allocating with adequately high alignment on all platforms. = Announcement: dtolnay/unsafe-libyaml#21 = Solution: Upgrade to >=0.2.10 (try `cargo update -p unsafe-libyaml`) warning[yanked]: detected yanked crate (try `cargo update -p ahash`) ┌─ /ic/Cargo.lock:20:1 │ 20 │ ahash 0.7.6 registry+https://github.com/rust-lang/crates.io-index │ ----------------------------------------------------------------- yanked version warning[yanked]: detected yanked crate (try `cargo update -p ahash`) ┌─ /ic/Cargo.lock:21:1 │ 21 │ ahash 0.8.3 registry+https://github.com/rust-lang/crates.io-index │ ----------------------------------------------------------------- yanked version warning[yanked]: detected yanked crate (try `cargo update -p hermit-abi`) ┌─ /ic/Cargo.lock:385:1 │ 385 │ hermit-abi 0.3.1 registry+https://github.com/rust-lang/crates.io-index │ ---------------------------------------------------------------------- yanked version ``` See merge request dfinity-lab/public/ic!16899
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all, might I ask you what is the current status of this crate? There hasn't been a release to crates.io for 2 years and issues/PRs don't get forward... Are there any blockers? If you feel you don't have time/motivation to maintain this project, I'd suggest sharing the rights to push/publish the crate to some contributors
cc @johannhof
The text was updated successfully, but these errors were encountered: