Replace unmaintained encoding dep with maintained encoding_rs dep #4694
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I used cargo-audit to audit our dependencies and found some vulnerabilities. There are some severe vulnerabilities that are from indirect dependencies. I am currently working on this.
In addition to the sever, there are 3 warnings for using unmaintained crates. I couldn't find a crate that did the same thing as
safemem
, andyaml-rust
is an indirect dependency of the latest version ofmarkdown-it
. However,, I was able to find a replacement for the encoding crate we use.I replaced
encoding
, which hasn't had an update in 7 years withencoding_rs
, which was last updated less than a month ago and has about 10 times the all time downloads and 16 times recent downloads compared to the former.