Task #5928
openTask #5994: tracking: rust: update dependencies
Task #7880: rust/bendy: update to address RUSTSEC-2020-0036
rust/bendy: update to address RUSTSEC-2020-0036 (7.0.x backport)
Added by Jason Ish about 3 years ago. Updated 29 days ago.
Description
Bendy 0.3.3 uses the failure crate which is no longer been maintained and been assigned RUSTSEC-2020-0036. There should be no risk, this is just an advisory that it is unmaintained.
Bendy 0.4 will use a new maintained error crate but is still in beta.
Bendy homepage: https://github.com/P3KI/bendy
VJ Updated by Victor Julien almost 3 years ago Actions #1
- Parent task set to #5994
PA Updated by Philippe Antoine almost 3 years ago Actions #2
- Target version changed from 7.0.0-rc2 to 7.0.0
JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions #3
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
JI Updated by Jason Ish almost 3 years ago Actions #4
- Description updated (diff)
VJ Updated by Victor Julien over 2 years ago Actions #5
- Target version changed from 7.0.0 to 7.0.1
JI Updated by Jason Ish over 2 years ago Actions #6
- Target version changed from 7.0.1 to 7.0.2
Pushing forward to 7.0.2.
JI Updated by Jason Ish over 2 years ago Actions #7
- Target version changed from 7.0.2 to 7.0.3
PA Updated by Philippe Antoine about 2 years ago Actions #8
Bendy 0.4 is still beta2 for one year...
Should we use another crate ?
VJ Updated by Victor Julien about 2 years ago Actions #9
- Target version changed from 7.0.3 to 7.0.4
VJ Updated by Victor Julien about 2 years ago Actions #10
- Target version changed from 7.0.4 to 7.0.5
JI Updated by Jason Ish almost 2 years ago Actions #11
- Target version changed from 7.0.5 to 7.0.6
VJ Updated by Victor Julien almost 2 years ago Actions #12
- Target version changed from 7.0.6 to 7.0.7
VJ Updated by Victor Julien over 1 year ago Actions #13
Can we replace the crate by something that is supported in master and then see about a possible backport @Jason Ish?
PA Updated by Philippe Antoine over 1 year ago Actions #14
From the dev meeting today : A solution could be to remove usage of bendy, and do our own needed decoding...
JI Updated by Jason Ish over 1 year ago Actions #15
Victor Julien wrote in #note-13:
Can we replace the crate by something that is supported in master and then see about a possible backport @Jason Ish?
There is one that appears to more maintained: https://github.com/toby/serde-bencode
JI Updated by Jason Ish over 1 year ago Actions #16
- Target version changed from 7.0.7 to 7.0.8
JI Updated by Jason Ish over 1 year ago Actions #17
- Target version changed from 7.0.8 to 7.0.9
Pushing forward, no sign of a new release coming.
PA Updated by Philippe Antoine about 1 year ago Actions #18
- Target version changed from 7.0.9 to 7.0.10
Not sure we will ever do it
VJ Updated by Victor Julien about 1 year ago Actions #19
- Target version changed from 7.0.10 to 7.0.11
PA Updated by Philippe Antoine 9 months ago Actions #21
bendy "0.4.0-beta.4" as of June 2025
JI Updated by Jason Ish 7 months ago Actions #23
- Copied to Task #7880: rust/bendy: update to address RUSTSEC-2020-0036 added
VJ Updated by Victor Julien 5 months ago Actions #24
- Target version changed from 7.0.13 to 7.0.14
JI Updated by Jason Ish about 1 month ago Actions #27
- Target version changed from 7.0.15 to 7.0.16