Maintenance #45
Comments
This was referenced Jan 6, 2021
|
His github status at the moment is: "No time to maintain personal projects at the moment" so that confirms it. |
This was referenced Oct 7, 2021
This was referenced Nov 24, 2021
This was referenced Dec 8, 2021
This was referenced May 1, 2022
This was referenced May 21, 2022
gitlab-dfinity
pushed a commit
to dfinity/ic
that referenced
this issue
Dec 28, 2023
fix: fix multiple advisory warnings and 1 error found by cargo-deny
Openssl is removed (again) from Cargo.toml.
The following warnings are removed from the repository.
```
error[xxx]: Tungstenite allows remote attackers to cause a denial of service
┌─ /ic/Cargo.lock:1331:1
│
1331 │ tungstenite 0.17.3 registry+https://github.com/rust-lang/crates.io-index
│ ------------------------------------------------------------------------ security xxx detected
│
= ID: RUSTSEC-2023-0065
= Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0065
= The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
a denial of service (minutes of CPU consumption) via an excessive length of an
HTTP header in a client handshake. The length affects both how many times a parse
is attempted (e.g., thousands of times) and the average amount of data for each
parse attempt (e.g., millions of bytes).
= Announcement: snapview/tungstenite-rs#376
= Solution: Upgrade to >=0.20.1 (try `cargo update -p tungstenite`)
warning[unmaintained]: difference is unmaintained
┌─ /ic/Cargo.lock:267:1
│
267 │ difference 2.0.0 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------------- unmaintained advisory detected
│
= ID: RUSTSEC-2020-0095
= Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0095
= The author of the `difference` crate is unresponsive.
Maintained alternatives:
- [`dissimilar`](https://crates.io/crates/dissimilar)
- [`similar`](https://crates.io/crates/similar)
- [`treediff`](https://crates.io/crates/treediff)
- [`diffus`](https://crates.io/crates/diffus)
= Announcement: johannhof/difference.rs#45
= Solution: No safe upgrade is available!
warning[unsound]: Unaligned write of u64 on 32-bit and 16-bit platforms
┌─ /ic/Cargo.lock:1355:1
│
1355 │ unsafe-libyaml 0.2.9 registry+https://github.com/rust-lang/crates.io-index
│ -------------------------------------------------------------------------- unsound advisory detected
│
= ID: RUSTSEC-2023-0075
= Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0075
= Affected versions allocate memory using the alignment of `usize` and write data
to it of type `u64`, without using `core::ptr::write_unaligned`. In platforms
with sub-64bit alignment for `usize` (including wasm32 and x86) these writes
are insufficiently aligned some of the time.
If using an ordinary optimized standard library, the bug exhibits Undefined
Behavior so may or may not behave in any sensible way, depending on
optimization settings and hardware and other things. If using a Rust standard
library built with debug assertions enabled, the bug manifests deterministically
in a crash (non-unwinding panic) saying _"ptr::write requires that the pointer
argument is aligned and non-null"_.
No 64-bit platform is impacted by the bug.
The flaw was corrected by allocating with adequately high alignment on all
platforms.
= Announcement: dtolnay/unsafe-libyaml#21
= Solution: Upgrade to >=0.2.10 (try `cargo update -p unsafe-libyaml`)
warning[yanked]: detected yanked crate (try `cargo update -p ahash`)
┌─ /ic/Cargo.lock:20:1
│
20 │ ahash 0.7.6 registry+https://github.com/rust-lang/crates.io-index
│ ----------------------------------------------------------------- yanked version
warning[yanked]: detected yanked crate (try `cargo update -p ahash`)
┌─ /ic/Cargo.lock:21:1
│
21 │ ahash 0.8.3 registry+https://github.com/rust-lang/crates.io-index
│ ----------------------------------------------------------------- yanked version
warning[yanked]: detected yanked crate (try `cargo update -p hermit-abi`)
┌─ /ic/Cargo.lock:385:1
│
385 │ hermit-abi 0.3.1 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------------- yanked version
```
See merge request dfinity-lab/public/ic!16899
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all, might I ask you what is the current status of this crate? There hasn't been a release to crates.io for 2 years and issues/PRs don't get forward... Are there any blockers? If you feel you don't have time/motivation to maintain this project, I'd suggest sharing the rights to push/publish the crate to some contributors
cc @johannhof
The text was updated successfully, but these errors were encountered: