Skip to content

Merge branch 'main' into bump-trivy-fix #1116

Merge branch 'main' into bump-trivy-fix

Merge branch 'main' into bump-trivy-fix #1116

GitHub Actions / Security audit succeeded Dec 21, 2024 in 0s

Security advisories found

5 unmaintained, 1 other

Details

Warnings

RUSTSEC-2024-0388

derivative is unmaintained; consider using an alternative

Details
Status unmaintained
Package derivative
Version 2.2.0
URL mcarton/rust-derivative#117
Date 2024-06-26

The derivative crate is no longer maintained.
Consider using any alternative, for instance:

RUSTSEC-2024-0384

instant is unmaintained

Details
Status unmaintained
Package instant
Version 0.1.13
Date 2024-09-01

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

RUSTSEC-2020-0168

mach is unmaintained

Details
Status unmaintained
Package mach
Version 0.3.2
URL fitzgen/mach#63
Date 2020-07-14

Last release was almost 4 years ago.

Maintainer(s) seem to be completely unreachable.

Possible Alternative(s)

These may or may not be suitable alternatives and have not been vetted in any way;

RUSTSEC-2022-0061

Crate parity-wasm deprecated by the author

Details
Status unmaintained
Package parity-wasm
Version 0.45.0
URL paritytech/parity-wasm#334
Date 2022-10-01

This PR explicitly deprecates parity-wasm.
The author recommends switching to wasm-tools.

RUSTSEC-2024-0370

proc-macro-error is unmaintained

Details
Status unmaintained
Package proc-macro-error
Version 1.0.4
URL https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
Date 2024-09-01

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)

Crate critical-section is yanked

No extra details provided.