Task #5928
openTask #5994: tracking: rust: update dependencies
rust/bendy: update to address RUSTSEC-2020-0036
Description
Bendy 0.3.3 uses the failure crate which is no longer been maintained and been assigned RUSTSEC-2020-0036. There should be no risk, this is just an advisory that it is unmaintained.
Bendy 0.4 will use a new maintained error crate but is still in beta.
Bendy homepage: https://github.com/P3KI/bendy
Updated by Philippe Antoine over 1 year ago
- Target version changed from 7.0.0-rc2 to 7.0.0
Updated by Juliana Fajardini Reichow over 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.0 to 7.0.1
Updated by Jason Ish about 1 year ago
- Target version changed from 7.0.1 to 7.0.2
Pushing forward to 7.0.2.
Updated by Philippe Antoine 8 months ago
Bendy 0.4 is still beta2 for one year...
Should we use another crate ?
Updated by Victor Julien 8 months ago
- Target version changed from 7.0.3 to 7.0.4
Updated by Victor Julien 6 months ago
- Target version changed from 7.0.4 to 7.0.5
Updated by Victor Julien 4 months ago
- Target version changed from 7.0.6 to 7.0.7
Updated by Victor Julien about 1 month ago
Can we replace the crate by something that is supported in master and then see about a possible backport @Jason Ish?
Updated by Philippe Antoine 12 days ago
From the dev meeting today : A solution could be to remove usage of bendy, and do our own needed decoding...
Updated by Jason Ish 11 days ago
Victor Julien wrote in #note-13:
Can we replace the crate by something that is supported in master and then see about a possible backport @Jason Ish?
There is one that appears to more maintained: https://github.com/toby/serde-bencode