Migrate from byte-unit due to RUSTSEC-2024-0370 #154

Open
ymgyt opened this issue Sep 9, 2024 · 1 comment
Labels: area/stdx (synd_stdx crate), dependencies/rust (Update rust dependencies), kind/enhancement (Enhancement)

Comments

ymgyt (Owner) commented Sep 9, 2024

The transitive dependency proc-macro-error from byte-unit is no longer maintained.
We need to either stop using byte-unit or wait for byte-unit to address this issue and update accordingly.

crate-audit> ++ command cargo audit -n -d /nix/store/ll7kcsxajcc9girvh9jkargs31gx6k92-source --ignore RUSTSEC-2024-0320
crate-audit>       Loaded 658 security advisories (from /nix/store/ll7kcsxajcc9girvh9jkargs31gx6k92-source)
crate-audit>     Scanning Cargo.lock for vulnerabilities (533 crate dependencies)
crate-audit> Crate:     proc-macro-error
crate-audit> Version:   1.0.4
crate-audit> Warning:   unmaintained
crate-audit> Title:     proc-macro-error is unmaintained
crate-audit> Date:      2024-09-01
crate-audit> ID:        RUSTSEC-2024-0370
crate-audit> URL:       https://rustsec.org/advisories/RUSTSEC-2024-0370
crate-audit> Dependency tree:
crate-audit> proc-macro-error 1.0.4
crate-audit> └── syn_derive 0.1.8
crate-audit>     └── borsh-derive 1.5.1
crate-audit>         └── borsh 1.5.1
crate-audit>             └── rust_decimal 1.36.0
crate-audit>                 └── byte-unit 5.1.4
crate-audit>                     └── synd-stdx 0.1.0
crate-audit>                         ├── synd-term 0.3.1
crate-audit>                         ├── synd-kvsd 0.1.0
crate-audit>                         └── synd-api 0.2.5
crate-audit>                             └── synd-term 0.3.1

ymgyt added the dependencies/rust (Update rust dependencies) label Sep 9, 2024
github-project-automation bot moved this to Backlog in syndicationd Sep 9, 2024
ymgyt changed the title from "Migrate byte-unit" to "Migrate from byte-unit due to RUSTSEC-2024-0370" Sep 9, 2024
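
The triage step behind this issue, as an added example (not code from syndicationd or cargo-audit): it parses the inverted dependency tree from the log above and reports which workspace crate pulls in the flagged crate, and through which direct dependency. Treating crates named `synd-*` as workspace members is an assumption, and `parse_tree` and `direct_culprits` are illustrative names.

```rust
// Dependency tree copied from the cargo audit log in the issue above.
const AUDIT_LOG: &str = "crate-audit> Dependency tree:
crate-audit> proc-macro-error 1.0.4
crate-audit> └── syn_derive 0.1.8
crate-audit>     └── borsh-derive 1.5.1
crate-audit>         └── borsh 1.5.1
crate-audit>             └── rust_decimal 1.36.0
crate-audit>                 └── byte-unit 5.1.4
crate-audit>                     └── synd-stdx 0.1.0
crate-audit>                         ├── synd-term 0.3.1
crate-audit>                         ├── synd-kvsd 0.1.0
crate-audit>                         └── synd-api 0.2.5
crate-audit>                             └── synd-term 0.3.1
";

#[derive(Debug, PartialEq)]
struct Node { depth: usize, name: String, version: String }

// The tree is inverted: the flagged crate is the root, each 4-column indent is one level of dependents.
fn parse_tree(log: &str) -> Vec<Node> {
    log.lines()
        .map(|l| l.strip_prefix("crate-audit> ").unwrap_or(l)) // log prefix used on this page
        .skip_while(|l| l.trim() != "Dependency tree:").skip(1)
        .take_while(|l| !l.trim().is_empty())
        .filter_map(|l| {
            let indent = l.chars().take_while(|c| !c.is_alphanumeric()).count();
            let rest: String = l.chars().skip(indent).collect();
            let mut parts = rest.split_whitespace();
            Some(Node { depth: indent / 4, name: parts.next()?.into(), version: parts.next()?.into() })
        })
        .collect()
}

// Members whose parent in the tree is an external crate, with the chain from that direct dependency to the root.
fn direct_culprits(tree: &[Node], is_member: impl Fn(&str) -> bool) -> Vec<(String, Vec<String>)> {
    let (mut path, mut found): (Vec<&Node>, Vec<_>) = (Vec::new(), Vec::new());
    for node in tree {
        path.truncate(node.depth); // keep only this node's ancestors
        if path.last().is_some_and(|p| !is_member(&p.name)) && is_member(&node.name) {
            let chain: Vec<String> = path.iter().rev().map(|n| format!("{} {}", n.name, n.version)).collect();
            found.push((node.name.clone(), chain));
        }
        path.push(node);
    }
    found
}
fn main() {
    let hits = direct_culprits(&parse_tree(AUDIT_LOG), |n| n.starts_with("synd-")); // assumed member prefix
    hits.iter().for_each(|(m, c)| println!("{m}: {}", c.join(" -> ")));
}
```

Only `synd-stdx` is reported, with a chain that starts at `byte-unit 5.1.4`, so replacing that one dependency in that one crate clears the advisory for the other workspace members too.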
ymgyt (Owner, Author) commented Sep 9, 2024

5f05695

ymgyt added the area/stdx (synd_stdx crate) and kind/enhancement (Enhancement) labels Sep 10, 2024