From 1fa6e720f7221ce2ff542e3ff48af2bbf7d88537 Mon Sep 17 00:00:00 2001
From: Rantz <bg@bubbleandhubble.com>
Date: Sun, 21 Jul 2024 13:36:36 -0700
Subject: [PATCH 1/3] Create unmainted advisory for serde_yaml

---
 crates/serde_yaml/RUSTSEC-0000-0000.md | 39 ++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 crates/serde_yaml/RUSTSEC-0000-0000.md

diff --git a/crates/serde_yaml/RUSTSEC-0000-0000.md b/crates/serde_yaml/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..deee495e0
--- /dev/null
+++ b/crates/serde_yaml/RUSTSEC-0000-0000.md
@@ -0,0 +1,39 @@
+```
+[advisory]
+# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
+# identifier e.g. RUSTSEC-2018-0001. Please use "RUSTSEC-0000-0000" in PRs.
+id = "RUSTSEC-0000-0000"
+
+# Name of the affected crate (mandatory)
+package = "serde_yaml"
+
+# Disclosure date of the advisory as an RFC 3339 date (mandatory)
+date = "2024-07-21"
+
+# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
+# a change log entry, or a blogpost announcing the release (optional, except
+# for advisories using a license that requires attribution).
+url = "https://github.com/dtolnay/serde-yaml/blob/master/README.md"
+
+# Optional: Indicates the type of informational security advisory
+#  - "unsound" for soundness issues
+#  - "unmaintained" for crates that are no longer maintained
+#  - "notice" for other informational notices
+informational = "unmaintained"
+
+# Freeform keywords which describe this vulnerability, similar to Cargo (optional)
+keywords = ["yaml", "serde", "serialization]
+
+# Versions which include fixes for this vulnerability (mandatory)
+# All selectors supported by Cargo are supported here:
+# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
+# use patched = [] e.g. in case of unmaintained where there is no fix
+[versions]
+patched = []
+```
+
+# serde_yaml - no longer maintained
+
+The creator of serde_yaml has stated in the readme of their repo that the lib is no longer maintained, and also marked versoin 0.9.34 as deprecated.
+
+The repo is archived and an issue can not be opened to confirm the authors desire to push an advisory.

From cb10ca70b39433f6d9848e6d305031a0a25d2d41 Mon Sep 17 00:00:00 2001
From: Rantz <bg@bubbleandhubble.com>
Date: Sun, 21 Jul 2024 13:52:41 -0700
Subject: [PATCH 2/3] Update RUSTSEC-0000-0000.md

---
 crates/serde_yaml/RUSTSEC-0000-0000.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/serde_yaml/RUSTSEC-0000-0000.md b/crates/serde_yaml/RUSTSEC-0000-0000.md
index deee495e0..0f881af98 100644
--- a/crates/serde_yaml/RUSTSEC-0000-0000.md
+++ b/crates/serde_yaml/RUSTSEC-0000-0000.md
@@ -1,4 +1,4 @@
-```
+```toml
 [advisory]
 # Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
 # identifier e.g. RUSTSEC-2018-0001. Please use "RUSTSEC-0000-0000" in PRs.

From 376f51871a85aaa3b3862b0e49fd0f1d572c3621 Mon Sep 17 00:00:00 2001
From: Rantz <bg@bubbleandhubble.com>
Date: Sun, 21 Jul 2024 13:56:04 -0700
Subject: [PATCH 3/3] Update RUSTSEC-0000-0000.md

---
 crates/serde_yaml/RUSTSEC-0000-0000.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/serde_yaml/RUSTSEC-0000-0000.md b/crates/serde_yaml/RUSTSEC-0000-0000.md
index 0f881af98..39a12518b 100644
--- a/crates/serde_yaml/RUSTSEC-0000-0000.md
+++ b/crates/serde_yaml/RUSTSEC-0000-0000.md
@@ -22,7 +22,7 @@ url = "https://github.com/dtolnay/serde-yaml/blob/master/README.md"
 informational = "unmaintained"
 
 # Freeform keywords which describe this vulnerability, similar to Cargo (optional)
-keywords = ["yaml", "serde", "serialization]
+keywords = ["yaml", "serde", "serialization"]
 
 # Versions which include fixes for this vulnerability (mandatory)
 # All selectors supported by Cargo are supported here: