-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace yaml-rust
with yaml-rust2
in order to not be affected by RUSTSEC-2024-0320
#537
Comments
Update: it appears, I'll submit a PR to run the update regardless, though it may be worth looking into removing it all together since the dependency doesn't seem to be referenced in the code at all. |
It's used throughout this file syntect/src/parsing/yaml_load.rs Lines 8 to 9 in de715e5
|
Ah, my apologies |
yaml-rust
appears to be unmaintained, however, the community has published an actively maintained fork under the name ofyaml-rust2
, It is a drop in replacement.Details on "Vulnerability" - RUSTSEC-2024-0320.
Assuming this isn't a duplicate (I could not find this being brought up before in this issues list), I will submit a PR dropping this in, it's a single line so assuming the developers of
yaml-rust2
didn't change the API, shouldn't be an issue.The text was updated successfully, but these errors were encountered: