RUSTSEC-2024-0320: yaml-rust is unmaintained. #693

Closed
github-actions bot opened this issue Mar 26, 2024 · 6 comments · Fixed by #701
Labels
good first issue (Good for newcomers), help wanted (Extra attention is needed)

Comments

@github-actions
Contributor

yaml-rust is unmaintained.

Details
Status: unmaintained
Package: yaml-rust
Version: 0.4.5
URL: rustsec/advisory-db#1921
Date: 2024-03-20

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years
without any response.

Alternatives

Consider switching to the actively maintained yaml-rust2 fork of the original project:

See advisory page for additional details.

@kate-goldenring
Contributor

Updating serde_yaml should resolve this

@kate-goldenring added the help wanted and good first issue labels May 7, 2024
@yujinkim-msft moved this from Triage needed to Backlog in Akri Roadmap Jun 4, 2024
@CeerDecy
Contributor

CeerDecy commented Sep 4, 2024

I want to contribute to this issue. Can I try it? @kate-goldenring

@kate-goldenring
Contributor

@CeerDecy that would be great! Thank you.

@CeerDecy
Contributor

CeerDecy commented Sep 5, 2024

@kate-goldenring I will upgrade serde_yaml v0.8 to v0.9, and the package kube v0.80.0 also depends on the old version of serde_yaml. Should the dependency kube v0.80.0 be upgraded to kube v0.87.2?

kube v0.80.0 dependencies are as follows:
kube v0.80.0 -> kube-client v0.80.0 -> serde_yaml v0.8.26 -> yaml-rust v0.4.5

@CeerDecy mentioned this issue Sep 6, 2024
@kate-goldenring
Contributor

@CeerDecy updating kube is quite involved as the API watcher and reconciliation have greatly changed. I am working on that right now for the controller, so we can also track that here, as well. For now, let's get in your serde_yaml update.

@CeerDecy
Contributor

CeerDecy commented Sep 11, 2024

@kate-goldenring Okay, I got it.
Other serde_yaml has been updated and tested, please check this PR #701.

@github-project-automation bot moved this from Backlog to Done in Akri Roadmap Oct 14, 2024