Skip to content

Bump serde from 1.0.210 to 1.0.216 (#1487) #3670

Bump serde from 1.0.210 to 1.0.216 (#1487)

Bump serde from 1.0.210 to 1.0.216 (#1487) #3670

GitHub Actions / Security audit succeeded Dec 23, 2024 in 0s

Security advisories found

5 unmaintained, 1 unsound, 1 other

Details

Warnings

RUSTSEC-2021-0139

ansi_term is Unmaintained

Details
Status unmaintained
Package ansi_term
Version 0.12.1
URL ogham/rust-ansi-term#72
Date 2021-08-18

The maintainer has advised that this crate is deprecated and will not receive any maintenance.

The crate does not seem to have much dependencies and may or may not be ok to use as-is.

Last release seems to have been three years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

Dependency Specific Migration(s)

RUSTSEC-2024-0375

atty is unmaintained

Details
Status unmaintained
Package atty
Version 0.2.14
URL softprops/atty#57
Date 2024-09-25

The maintainer of atty has published an official notice that the crate is no longer
under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.

Alternative(s)

  • std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the atty maintainer.
  • is-terminal - Standalone crate supporting Rust older than 1.70.0

RUSTSEC-2024-0384

instant is unmaintained

Details
Status unmaintained
Package instant
Version 0.1.13
Date 2024-09-01

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

RUSTSEC-2024-0370

proc-macro-error is unmaintained

Details
Status unmaintained
Package proc-macro-error
Version 1.0.4
URL https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
Date 2024-09-01

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)

RUSTSEC-2020-0163

term_size is unmaintained; use terminal_size instead

Details
Status unmaintained
Package term_size
Version 0.3.2
URL clap-rs/term_size-rs#31
Date 2020-11-03

The term_size crate is no longer maintained. Consider using
terminal_size instead.

RUSTSEC-2021-0145

Potential unaligned read

Details
Status unsound
Package atty
Version 0.2.14
URL softprops/atty#50
Date 2021-07-04

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.

atty is Unmaintained

A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

Last release of atty was almost 3 years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

Crate futures-util is yanked

No extra details provided.