Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2023-0081: safemem is unmaintained #2423

Closed
github-actions bot opened this issue Feb 23, 2024 · 3 comments
Closed

RUSTSEC-2023-0081: safemem is unmaintained #2423

github-actions bot opened this issue Feb 23, 2024 · 3 comments

Comments

@github-actions
Copy link

safemem is unmaintained

Details
Status unmaintained
Package safemem
Version 0.3.3
URL https://github.com/abonander/safemem
Date 2023-02-14

The latest crates.io release was in 2019. The repository has been archived by the author.

See advisory page for additional details.
@syphar
Copy link
Member

syphar commented Feb 23, 2024

the dependency is only used in lol_html:

safemem v0.3.3
└── lol_html v1.2.0
    └── docs-rs v0.6.0 (/Users/syphar/src/rust-lang/docs.rs)

But since

  • it's unmaintained
  • is wrapping unsafe code
  • is used in lol_html

I see a theoretical risk that it might be a problem, so I'll keep this issue open.

@syphar
Copy link
Member

syphar commented Feb 23, 2024

I created a pull request to lol_html to remove the dependency: cloudflare/lol-html#208

@syphar
Copy link
Member

syphar commented Mar 14, 2024

My change to lol_html was merged and then released in 1.2.1, which we updated to in #2458

@syphar syphar closed this as completed Mar 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@syphar