Task #5928
open
Task #5994: tracking: rust: update dependencies
rust/bendy: update to address RUSTSEC-2020-0036
Added by Jason Ish over 1 year ago.
Updated 2 months ago.
Description
Bendy 0.3.3 uses the failure crate which is no longer been maintained and been assigned RUSTSEC-2020-0036. There should be no risk, this is just an advisory that it is unmaintained.
Bendy 0.4 will use a new maintained error crate but is still in beta.
Bendy homepage: https://github.com/P3KI/bendy
- Target version changed from 7.0.0-rc2 to 7.0.0
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
- Description updated (diff)
- Target version changed from 7.0.0 to 7.0.1
- Target version changed from 7.0.1 to 7.0.2
Pushing forward to 7.0.2.
- Target version changed from 7.0.2 to 7.0.3
Bendy 0.4 is still beta2 for one year...
Should we use another crate ?
- Target version changed from 7.0.3 to 7.0.4
- Target version changed from 7.0.4 to 7.0.5
- Target version changed from 7.0.5 to 7.0.6
- Target version changed from 7.0.6 to 7.0.7
Can we replace the crate by something that is supported in master and then see about a possible backport @Jason Ish?
From the dev meeting today : A solution could be to remove usage of bendy, and do our own needed decoding...
- Target version changed from 7.0.7 to 7.0.8
Also available in: Atom
PDF