This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

[Fixes #143] Replace deprecated twoway with memchr #144

Open
wants to merge 1 commit into
base: master

michalfita

The author of twoway marked it as deprecated. This PR replaces it with the maintained memchr crate.

kpcyrd commented Jan 19, 2023

Pulling in warp currently causes my project to be flagged with https://osv.dev/RUSTSEC-2021-0146:

╭─────────────────────────────────────┬───────────┬─────────┬─────────┬────────────╮
│ OSV URL (ID IN BOLD)                │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE     │
├─────────────────────────────────────┼───────────┼─────────┼─────────┼────────────┤
│ https://osv.dev/RUSTSEC-2021-0145   │ crates.io │ atty    │ 0.2.14  │ Cargo.lock │
│ https://osv.dev/GHSA-wcg3-cvx6-7396 │ crates.io │ time    │ 0.1.45  │ Cargo.lock │
│ https://osv.dev/RUSTSEC-2020-0071   │           │         │         │            │
│ https://osv.dev/RUSTSEC-2021-0146   │ crates.io │ twoway  │ 0.1.8   │ Cargo.lock │
╰─────────────────────────────────────┴───────────┴─────────┴─────────┴────────────╯

This patch would get rid of twoway in my project.

@rillian rillian left a comment

Thanks for writing this change. It would be great to get a new release out with this change to address cargo audit warnings.

The fuzz directory also has a Cargo.lock which should be updated as well.

@michalfita
Author

@rillian Running cargo update ended up with updates that break this code; it doesn't compile any more. I tried a more conservative approach, but no luck.

I'm sorry, I don't have time for at least the next 9 months to fix @abonander's code into a state where this stuff would work again. He has to fix master, remove deprecated stuff and repair the fuzzer with a recent released version.

As far as I see things, @abonander abandoned this project over 1½ years ago.

rillian commented Feb 2, 2023

@michalfita thanks for the quick response! You're right, the fuzzer isn't working anyway, so I withdraw my suggestion.

I agree maintainership has been sparse, but it's an important crate for web service applications, so I wanted to do what I could to help things along.
