cargo audit check fails because yaml-rust is unmaintained #10876

jancionear · 2024-03-25T19:27:51Z

Running cargo audit -D warnings on the current master (92e5938) fails with the following error:

    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 615 security advisories (from /home/ubuntu/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (744 crate dependencies)
Crate:     yaml-rust
Version:   0.4.5
Warning:   unmaintained
Title:     yaml-rust is unmaintained.
Date:      2024-03-20
ID:        RUSTSEC-2024-0320
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0320

Full output

    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 615 security advisories (from /home/ubuntu/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (744 crate dependencies)
Crate:     yaml-rust
Version:   0.4.5
Warning:   unmaintained
Title:     yaml-rust is unmaintained.
Date:      2024-03-20
ID:        RUSTSEC-2024-0320
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0320
Dependency tree:
yaml-rust 0.4.5
└── insta 1.34.0
    ├── state-viewer 0.0.0
    │   └── neard 0.0.0
    ├── runtime-params-estimator 0.0.0
    ├── near-store 0.0.0
    │   ├── store-validator 0.0.0
    │   ├── storage-usage-delta-calculator 0.0.0
    │   ├── state-viewer 0.0.0
    │   ├── speedy_sync 0.0.0
    │   ├── runtime-tester 0.0.0
    │   │   └── runtime-tester-fuzz 0.0.0
    │   ├── runtime-params-estimator 0.0.0
    │   ├── node-runtime 0.0.0
    │   │   ├── testlib 0.0.0
    │   │   │   ├── store-validator 0.0.0
    │   │   │   ├── state-viewer 0.0.0
    │   │   │   ├── runtime-tester 0.0.0
    │   │   │   ├── node-runtime 0.0.0
    │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── store-validator 0.0.0
    │   │   │   │   ├── state-viewer 0.0.0
    │   │   │   │   ├── speedy_sync 0.0.0
    │   │   │   │   ├── runtime-tester 0.0.0
    │   │   │   │   ├── runtime-params-estimator 0.0.0
    │   │   │   │   ├── restaked 0.0.0
    │   │   │   │   ├── neard 0.0.0
    │   │   │   │   ├── near-undo-block 0.0.0
    │   │   │   │   │   ├── neard 0.0.0
    │   │   │   │   │   └── integration-tests 0.0.0
    │   │   │   │   │       └── restaked 0.0.0
    │   │   │   │   ├── near-state-parts-dump-check 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   │   ├── neard 0.0.0
    │   │   │   │   │   └── near-fork-network 0.0.0
    │   │   │   │   │       └── neard 0.0.0
    │   │   │   │   ├── near-indexer 0.0.0
    │   │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   │   └── indexer-example 0.0.0
    │   │   │   │   ├── near-fork-network 0.0.0
    │   │   │   │   ├── near-flat-storage 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   ├── near-epoch-sync-tool 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   ├── near-database-tool 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   ├── keypair-generator 0.0.0
    │   │   │   │   ├── integration-tests 0.0.0
    │   │   │   │   ├── genesis-populate 0.0.0
    │   │   │   │   │   └── runtime-params-estimator 0.0.0
    │   │   │   │   ├── genesis-csv-to-json 0.0.0
    │   │   │   │   ├── cold-store-tool 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   └── chainsync-loadtest 0.0.0
    │   │   │   └── integration-tests 0.0.0
    │   │   ├── state-viewer 0.0.0
    │   │   ├── runtime-params-estimator 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   └── nearcore 0.0.0
    │   │   ├── near-indexer 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   │   ├── testlib 0.0.0
    │   │   │   ├── store-validator 0.0.0
    │   │   │   ├── state-viewer 0.0.0
    │   │   │   ├── speedy_sync 0.0.0
    │   │   │   ├── runtime-tester 0.0.0
    │   │   │   ├── nearcore 0.0.0
    │   │   │   ├── near-undo-block 0.0.0
    │   │   │   ├── near-store 0.0.0
    │   │   │   ├── near-mirror 0.0.0
    │   │   │   ├── near-fork-network 0.0.0
    │   │   │   ├── near-flat-storage 0.0.0
    │   │   │   ├── near-epoch-sync-tool 0.0.0
    │   │   │   ├── near-database-tool 0.0.0
    │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── store-validator 0.0.0
    │   │   │   │   ├── state-viewer 0.0.0
    │   │   │   │   ├── runtime-tester 0.0.0
    │   │   │   │   ├── neard 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-state-parts-dump-check 0.0.0
    │   │   │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   │   │   └── near-jsonrpc-fuzz 0.0.0
    │   │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   │   ├── near-state-parts-dump-check 0.0.0
    │   │   │   │   │   ├── near-state-parts 0.0.0
    │   │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   │   ├── near-ping 0.0.0
    │   │   │   │   │   │   ├── neard 0.0.0
    │   │   │   │   │   │   └── near-state-parts 0.0.0
    │   │   │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   │   │   ├── near-jsonrpc-fuzz 0.0.0
    │   │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   │   └── integration-tests 0.0.0
    │   │   │   │   ├── near-indexer 0.0.0
    │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   └── integration-tests 0.0.0
    │   │   │   ├── near-chunks 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-store 0.0.0
    │   │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   └── integration-tests 0.0.0
    │   │   │   ├── mock-node 0.0.0
    │   │   │   ├── integration-tests 0.0.0
    │   │   │   └── genesis-populate 0.0.0
    │   │   └── integration-tests 0.0.0
    │   ├── neard 0.0.0
    │   ├── nearcore 0.0.0
    │   ├── near-undo-block 0.0.0
    │   ├── near-state-parts-dump-check 0.0.0
    │   ├── near-network 0.0.0
    │   │   ├── state-viewer 0.0.0
    │   │   ├── neard 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-state-parts 0.0.0
    │   │   ├── near-rosetta-rpc 0.0.0
    │   │   ├── near-ping 0.0.0
    │   │   ├── near-mirror 0.0.0
    │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   ├── near-jsonrpc 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── near-chunks 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   ├── mock-node 0.0.0
    │   │   ├── integration-tests 0.0.0
    │   │   ├── genesis-csv-to-json 0.0.0
    │   │   └── chainsync-loadtest 0.0.0
    │   ├── near-mirror 0.0.0
    │   ├── near-jsonrpc-tests 0.0.0
    │   ├── near-indexer 0.0.0
    │   ├── near-fork-network 0.0.0
    │   ├── near-flat-storage 0.0.0
    │   ├── near-epoch-sync-tool 0.0.0
    │   ├── near-epoch-manager 0.0.0
    │   │   ├── store-validator 0.0.0
    │   │   ├── state-viewer 0.0.0
    │   │   ├── speedy_sync 0.0.0
    │   │   ├── runtime-tester 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-undo-block 0.0.0
    │   │   ├── near-mirror 0.0.0
    │   │   ├── near-fork-network 0.0.0
    │   │   ├── near-flat-storage 0.0.0
    │   │   ├── near-epoch-sync-tool 0.0.0
    │   │   ├── near-database-tool 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── near-chunks 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   ├── mock-node 0.0.0
    │   │   ├── integration-tests 0.0.0
    │   │   ├── genesis-populate 0.0.0
    │   │   └── cold-store-tool 0.0.0
    │   ├── near-database-tool 0.0.0
    │   ├── near-client 0.0.0
    │   ├── near-chunks 0.0.0
    │   ├── near-chain 0.0.0
    │   ├── near-actix-test-utils 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-rosetta-rpc 0.0.0
    │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── mock-node 0.0.0
    │   │   └── integration-tests 0.0.0
    │   ├── mock-node 0.0.0
    │   ├── integration-tests 0.0.0
    │   ├── genesis-populate 0.0.0
    │   ├── cold-store-tool 0.0.0
    │   └── chainsync-loadtest 0.0.0
    ├── near-rosetta-rpc 0.0.0
    ├── near-primitives-core 0.0.0
    │   ├── state-viewer 0.0.0
    │   ├── node-runtime 0.0.0
    │   ├── near-wallet-contract 0.0.0
    │   │   ├── node-runtime 0.0.0
    │   │   └── integration-tests 0.0.0
    │   ├── near-vm-runner 0.0.0
    │   │   ├── runtime-tester 0.0.0
    │   │   ├── runtime-params-estimator 0.0.0
    │   │   ├── node-runtime 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-wallet-contract 0.0.0
    │   │   ├── near-vm-runner-fuzz 0.0.0
    │   │   ├── near-store 0.0.0
    │   │   ├── near-primitives 0.0.0
    │   │   │   ├── testlib 0.0.0
    │   │   │   ├── store-validator 0.0.0
    │   │   │   ├── storage-usage-delta-calculator 0.0.0
    │   │   │   ├── state-viewer 0.0.0
    │   │   │   ├── speedy_sync 0.0.0
    │   │   │   ├── runtime-tester 0.0.0
    │   │   │   ├── runtime-params-estimator 0.0.0
    │   │   │   ├── restaked 0.0.0
    │   │   │   ├── node-runtime 0.0.0
    │   │   │   ├── neard 0.0.0
    │   │   │   ├── nearcore 0.0.0
    │   │   │   ├── near-vm-runner-fuzz 0.0.0
    │   │   │   ├── near-undo-block 0.0.0
    │   │   │   ├── near-store 0.0.0
    │   │   │   ├── near-state-parts-dump-check 0.0.0
    │   │   │   ├── near-state-parts 0.0.0
    │   │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   ├── near-pool 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── near-chunks 0.0.0
    │   │   │   │   └── near-chain 0.0.0
    │   │   │   ├── near-ping 0.0.0
    │   │   │   ├── near-network 0.0.0
    │   │   │   ├── near-mirror 0.0.0
    │   │   │   ├── near-mainnet-res 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   └── near-chain 0.0.0
    │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   ├── near-jsonrpc-primitives 0.0.0
    │   │   │   │   ├── neard 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   │   ├── near-jsonrpc-fuzz 0.0.0
    │   │   │   │   ├── near-jsonrpc-client 0.0.0
    │   │   │   │   │   ├── restaked 0.0.0
    │   │   │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   │   └── integration-tests 0.0.0
    │   │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   │   └── integration-tests 0.0.0
    │   │   │   ├── near-jsonrpc-fuzz 0.0.0
    │   │   │   ├── near-jsonrpc-client 0.0.0
    │   │   │   ├── near-jsonrpc-adversarial-primitives 0.0.0
    │   │   │   │   └── near-jsonrpc 0.0.0
    │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   ├── near-indexer-primitives 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   └── near-indexer 0.0.0
    │   │   │   ├── near-indexer 0.0.0
    │   │   │   ├── near-fork-network 0.0.0
    │   │   │   ├── near-flat-storage 0.0.0
    │   │   │   ├── near-epoch-sync-tool 0.0.0
    │   │   │   ├── near-epoch-manager 0.0.0
    │   │   │   ├── near-dyn-configs 0.0.0
    │   │   │   │   ├── neard 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-indexer 0.0.0
    │   │   │   │   └── near-client 0.0.0
    │   │   │   ├── near-database-tool 0.0.0
    │   │   │   ├── near-client-primitives 0.0.0
    │   │   │   │   ├── runtime-tester 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   ├── near-jsonrpc-primitives 0.0.0
    │   │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── near-chain 0.0.0
    │   │   │   │   └── integration-tests 0.0.0
    │   │   │   ├── near-client 0.0.0
    │   │   │   ├── near-chunks-primitives 0.0.0
    │   │   │   │   ├── near-client-primitives 0.0.0
    │   │   │   │   └── near-chunks 0.0.0
    │   │   │   ├── near-chunks 0.0.0
    │   │   │   ├── near-chain-primitives 0.0.0
    │   │   │   │   ├── speedy_sync 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   ├── near-epoch-manager 0.0.0
    │   │   │   │   ├── near-client-primitives 0.0.0
    │   │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── near-chunks-primitives 0.0.0
    │   │   │   │   └── near-chain 0.0.0
    │   │   │   ├── near-chain-configs 0.0.0
    │   │   │   │   ├── testlib 0.0.0
    │   │   │   │   ├── store-validator 0.0.0
    │   │   │   │   ├── storage-usage-delta-calculator 0.0.0
    │   │   │   │   ├── state-viewer 0.0.0
    │   │   │   │   ├── speedy_sync 0.0.0
    │   │   │   │   ├── runtime-tester 0.0.0
    │   │   │   │   ├── runtime-params-estimator 0.0.0
    │   │   │   │   ├── restaked 0.0.0
    │   │   │   │   ├── node-runtime 0.0.0
    │   │   │   │   ├── neard 0.0.0
    │   │   │   │   ├── nearcore 0.0.0
    │   │   │   │   ├── near-undo-block 0.0.0
    │   │   │   │   ├── near-store 0.0.0
    │   │   │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   │   ├── near-mirror 0.0.0
    │   │   │   │   ├── near-mainnet-res 0.0.0
    │   │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   │   ├── near-jsonrpc-primitives 0.0.0
    │   │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   │   ├── near-indexer 0.0.0
    │   │   │   │   ├── near-fork-network 0.0.0
    │   │   │   │   ├── near-flat-storage 0.0.0
    │   │   │   │   ├── near-epoch-sync-tool 0.0.0
    │   │   │   │   ├── near-epoch-manager 0.0.0
    │   │   │   │   ├── near-dyn-configs 0.0.0
    │   │   │   │   ├── near-database-tool 0.0.0
    │   │   │   │   ├── near-client-primitives 0.0.0
    │   │   │   │   ├── near-client 0.0.0
    │   │   │   │   ├── near-chunks 0.0.0
    │   │   │   │   ├── near-chain 0.0.0
    │   │   │   │   ├── near-amend-genesis 0.0.0
    │   │   │   │   │   └── neard 0.0.0
    │   │   │   │   ├── mock-node 0.0.0
    │   │   │   │   ├── integration-tests 0.0.0
    │   │   │   │   ├── genesis-populate 0.0.0
    │   │   │   │   ├── genesis-csv-to-json 0.0.0
    │   │   │   │   ├── cold-store-tool 0.0.0
    │   │   │   │   └── chainsync-loadtest 0.0.0
    │   │   │   ├── near-chain 0.0.0
    │   │   │   ├── near-amend-genesis 0.0.0
    │   │   │   ├── mock-node 0.0.0
    │   │   │   ├── integration-tests 0.0.0
    │   │   │   ├── genesis-populate 0.0.0
    │   │   │   ├── genesis-csv-to-json 0.0.0
    │   │   │   ├── cold-store-tool 0.0.0
    │   │   │   └── chainsync-loadtest 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   ├── integration-tests 0.0.0
    │   │   └── genesis-populate 0.0.0
    │   ├── near-state-parts-dump-check 0.0.0
    │   ├── near-primitives 0.0.0
    │   ├── near-parameters 0.0.0
    │   │   ├── testlib 0.0.0
    │   │   ├── storage-usage-delta-calculator 0.0.0
    │   │   ├── runtime-tester 0.0.0
    │   │   ├── runtime-params-estimator 0.0.0
    │   │   ├── node-runtime 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-vm-runner-fuzz 0.0.0
    │   │   ├── near-vm-runner 0.0.0
    │   │   ├── near-store 0.0.0
    │   │   ├── near-rosetta-rpc 0.0.0
    │   │   ├── near-primitives 0.0.0
    │   │   ├── near-indexer 0.0.0
    │   │   ├── near-fork-network 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── near-chain-configs 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   └── integration-tests 0.0.0
    │   ├── near-o11y 0.0.0
    │   │   ├── store-validator 0.0.0
    │   │   ├── storage-usage-delta-calculator 0.0.0
    │   │   ├── state-viewer 0.0.0
    │   │   ├── runtime-tester 0.0.0
    │   │   ├── runtime-params-estimator 0.0.0
    │   │   ├── restaked 0.0.0
    │   │   ├── node-runtime 0.0.0
    │   │   ├── neard 0.0.0
    │   │   ├── nearcore 0.0.0
    │   │   ├── near-telemetry 0.0.0
    │   │   │   ├── nearcore 0.0.0
    │   │   │   ├── near-client 0.0.0
    │   │   │   ├── mock-node 0.0.0
    │   │   │   └── integration-tests 0.0.0
    │   │   ├── near-store 0.0.0
    │   │   ├── near-state-parts-dump-check 0.0.0
    │   │   ├── near-state-parts 0.0.0
    │   │   ├── near-rosetta-rpc 0.0.0
    │   │   ├── near-pool 0.0.0
    │   │   ├── near-ping 0.0.0
    │   │   ├── near-network 0.0.0
    │   │   ├── near-mirror 0.0.0
    │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   ├── near-jsonrpc 0.0.0
    │   │   ├── near-indexer 0.0.0
    │   │   ├── near-fork-network 0.0.0
    │   │   ├── near-epoch-manager 0.0.0
    │   │   ├── near-dyn-configs 0.0.0
    │   │   ├── near-client 0.0.0
    │   │   ├── near-chunks 0.0.0
    │   │   ├── near-chain-configs 0.0.0
    │   │   ├── near-chain 0.0.0
    │   │   ├── near-async 0.0.0
    │   │   │   ├── state-viewer 0.0.0
    │   │   │   ├── speedy_sync 0.0.0
    │   │   │   ├── nearcore 0.0.0
    │   │   │   ├── near-telemetry 0.0.0
    │   │   │   ├── near-store 0.0.0
    │   │   │   ├── near-state-parts 0.0.0
    │   │   │   ├── near-rosetta-rpc 0.0.0
    │   │   │   ├── near-primitives 0.0.0
    │   │   │   ├── near-ping 0.0.0
    │   │   │   ├── near-network 0.0.0
    │   │   │   ├── near-mirror 0.0.0
    │   │   │   ├── near-jsonrpc-tests 0.0.0
    │   │   │   ├── near-jsonrpc-fuzz 0.0.0
    │   │   │   ├── near-jsonrpc 0.0.0
    │   │   │   ├── near-dyn-configs 0.0.0
    │   │   │   ├── near-client-primitives 0.0.0
    │   │   │   ├── near-client 0.0.0
    │   │   │   ├── near-chunks 0.0.0
    │   │   │   ├── near-chain-primitives 0.0.0
    │   │   │   ├── near-chain-configs 0.0.0
    │   │   │   ├── near-chain 0.0.0
    │   │   │   ├── near-amend-genesis 0.0.0
    │   │   │   ├── mock-node 0.0.0
    │   │   │   ├── integration-tests 0.0.0
    │   │   │   ├── genesis-populate 0.0.0
    │   │   │   └── chainsync-loadtest 0.0.0
    │   │   ├── mock-node 0.0.0
    │   │   ├── integration-tests 0.0.0
    │   │   ├── indexer-example 0.0.0
    │   │   └── chainsync-loadtest 0.0.0
    │   ├── near-mirror 0.0.0
    │   ├── near-fmt 0.0.0
    │   │   ├── runtime-params-estimator 0.0.0
    │   │   ├── near-store 0.0.0
    │   │   ├── near-primitives 0.0.0
    │   │   ├── near-o11y 0.0.0
    │   │   ├── near-network 0.0.0
    │   │   └── integration-tests 0.0.0
    │   ├── near-amend-genesis 0.0.0
    │   └── integration-tests 0.0.0
    ├── near-primitives 0.0.0
    ├── near-parameters 0.0.0
    ├── near-chain 0.0.0
    ├── integration-tests 0.0.0
    └── estimator-warehouse 0.0.0

error: 1 denied warning found!

This causes failures in the CI (e.g https://github.com/near/nearcore/actions/runs/8425666326/job/23072264756?pr=10859)

Fix

According to the security advisory (https://rustsec.org/advisories/RUSTSEC-2024-0320) we should consider switching to the yaml-rust2 crate, which is actively maintained.

The text was updated successfully, but these errors were encountered:

jancionear · 2024-03-25T19:39:09Z

The yaml-rust dependency comes from the insta crate, we'll have to wait until insta switches to yaml-rust2. There's an issue about it: mitsuhiko/insta#463

…arning (#10880) Recently `cargo audit` started complaining that the `yaml-rust` dependency is unmaintained (#10876). `yaml-rust` is an indirect dependency that comes from the `insta` crate, so to fix the warning we must upgrade `insta` to a version that doesn't have this problem. The `insta` crate just had a new release which fixes the problem detected by `cargo audit` (they pasted the whole `yaml-rust` crate into their tree x.x (mitsuhiko/insta#465)). We can upgrade to the latest version to get rid of the warning. Upgrading to the latest version is relatively painless, I just had to replace `assert_display_snapshot` with `assert_snapshot` because `assert_display_snapshot` is now deprecated (see https://github.com/mitsuhiko/insta/blob/8379841b8fde1cbd2fee019a9207ebea3619658f/src/macros.rs#L372) Fixes: #10876

jancionear · 2024-03-26T17:03:51Z

Blog post about the incident from the author of insta: https://lucumr.pocoo.org/2024/3/26/rust-cdo/

jancionear mentioned this issue Mar 25, 2024

Always record storage when stateless validation is enabled #10859

Merged

jancionear mentioned this issue Mar 26, 2024

Upgrade the 'insta' dependency to version 1.37.0 to fix cargo audit warning #10880

Merged

jancionear closed this as completed in #10880 Mar 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cargo audit check fails because yaml-rust is unmaintained #10876

cargo audit check fails because yaml-rust is unmaintained #10876

jancionear commented Mar 25, 2024 •

edited

Loading

jancionear commented Mar 25, 2024

jancionear commented Mar 26, 2024 •

edited

Loading

cargo audit check fails because yaml-rust is unmaintained #10876

cargo audit check fails because yaml-rust is unmaintained #10876

Comments

jancionear commented Mar 25, 2024 • edited Loading

Fix

jancionear commented Mar 25, 2024

jancionear commented Mar 26, 2024 • edited Loading

jancionear commented Mar 25, 2024 •

edited

Loading

jancionear commented Mar 26, 2024 •

edited

Loading