Stream: git-wasmtime

Topic: wasmtime / issue #8044 dependency on unmaintained `mach` ...


Wasmtime GitHub notifications bot (Mar 04 2024 at 14:59):

andrewdavidmackenzie opened issue #8044:

When running cargo audit for my project I noticed this:

andrew@MacBook-Pro flow % cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 609 security advisories (from /Users/andrew/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (495 crate dependencies)
Crate:     mach
Version:   0.3.2
Warning:   unmaintained
Title:     mach is unmaintained
Date:      2020-07-14
ID:        RUSTSEC-2020-0168
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0168
Dependency tree:
mach 0.3.2
└── wasmtime-runtime 18.0.2
    └── wasmtime 18.0.2
        └── flowr 0.142.0

Wasmtime GitHub notifications bot (Mar 04 2024 at 16:11):

cfallin commented on issue #8044:

Duplicate of #6000 that has a still-open PR #6164 to move to mach2 instead; @fitzgen, you're one of the listed owners of mach; any thoughts on this?

Wasmtime GitHub notifications bot (Mar 04 2024 at 16:12):

cfallin commented on issue #8044:

(As @jameysharp mentioned on #6164, we'd need to audit the fork, or at least the diff from its branch-point, so this isn't a no-effort switch, but the current situation isn't great either...)

Wasmtime GitHub notifications bot (Mar 04 2024 at 16:35):

fitzgen commented on issue #8044:

> @fitzgen, you're one of the listed owners of mach; any thoughts on this?

I started the crate nearly a decade ago, and haven't touched it in nearly as long. I handed off ownership to others, and I guess they are gone. I have no interest in maintaining the crate.

Wasmtime GitHub notifications bot (Mar 04 2024 at 16:56):

cfallin commented on issue #8044:

Makes sense! Any interest in auditing mach2, since you know the codebase? From #6164 it looks like once we have that it's a pretty straightforward find-replace to switch.

Wasmtime GitHub notifications bot (Mar 08 2024 at 16:46):

alexcrichton closed issue #8044:



Last updated: Nov 22 2024 at 17:03 UTC