andrewdavidmackenzie opened issue #8044:
When running cargo audit for my project I noticed this:
andrew@MacBook-Pro flow % cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 609 security advisories (from /Users/andrew/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (495 crate dependencies) Crate: mach Version: 0.3.2 Warning: unmaintained Title: mach is unmaintained Date: 2020-07-14 ID: RUSTSEC-2020-0168 URL: https://rustsec.org/advisories/RUSTSEC-2020-0168 Dependency tree: mach 0.3.2 └── wasmtime-runtime 18.0.2 └── wasmtime 18.0.2 └── flowr 0.142.0
cfallin commented on issue #8044:
Duplicate of #6000 that has a still-open PR #6164 to move to
mach2
instead; @fitzgen, you're one of the listed owners ofmach
; any thoughts on this?
cfallin commented on issue #8044:
(As @jameysharp mentioned on #6164, we'd need to audit the fork, or at least the diff from its branch-point, so this isn't a no-effort switch, but the current situation isn't great either...)
fitzgen commented on issue #8044:
@fitzgen, you're one of the listed owners of
mach
; any thoughts on this?I started the crate nearly a decade ago, and haven't touched it in nearly as long. I handed off ownership to others, and I guess they are gone. I have no interest in maintaining the crate.
cfallin commented on issue #8044:
Makes sense! Any interest in auditing
mach2
, since you know the codebase? From #6164 it looks like once we have that it's a pretty straightforward find-replace to switch.
alexcrichton closed issue #8044:
When running cargo audit for my project I noticed this:
andrew@MacBook-Pro flow % cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 609 security advisories (from /Users/andrew/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (495 crate dependencies) Crate: mach Version: 0.3.2 Warning: unmaintained Title: mach is unmaintained Date: 2020-07-14 ID: RUSTSEC-2020-0168 URL: https://rustsec.org/advisories/RUSTSEC-2020-0168 Dependency tree: mach 0.3.2 └── wasmtime-runtime 18.0.2 └── wasmtime 18.0.2 └── flowr 0.142.0
Last updated: Dec 23 2024 at 12:05 UTC