Skip to content

fix(p2p): cache responses to serve without roundtrip to db (#2352) #447

fix(p2p): cache responses to serve without roundtrip to db (#2352)

fix(p2p): cache responses to serve without roundtrip to db (#2352) #447

GitHub Actions / Security audit succeeded Nov 19, 2024 in 1s

Security advisories found

5 unmaintained, 1 other

Details

Warnings

RUSTSEC-2024-0375

atty is unmaintained

Details
Status unmaintained
Package atty
Version 0.2.14
URL softprops/atty#57
Date 2024-09-25

The maintainer of atty has published an official notice that the crate is no longer
under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.

Alternative(s)

  • std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the atty maintainer.
  • is-terminal - Standalone crate supporting Rust older than 1.70.0

RUSTSEC-2024-0388

derivative is unmaintained; consider using an alternative

Details
Status unmaintained
Package derivative
Version 2.2.0
URL mcarton/rust-derivative#117
Date 2024-06-26

The derivative crate is no longer maintained.
Consider using any alternative, for instance:

RUSTSEC-2024-0384

instant is unmaintained

Details
Status unmaintained
Package instant
Version 0.1.13
Date 2024-09-01

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

RUSTSEC-2022-0081

json is unmaintained

Details
Status unmaintained
Package json
Version 0.12.4
URL maciejhirsz/json-rust#205
Date 2022-02-01

Last release was almost 3 years ago.

The maintainer is unresponsive with outstanding issues.

One of the outstanding issues include a possible soundness issue.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

RUSTSEC-2024-0370

proc-macro-error is unmaintained

Details
Status unmaintained
Package proc-macro-error
Version 1.0.4
URL https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
Date 2024-09-01

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)