Skip to content

Use pastey instead of paste which is unmaintained #18786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Use pastey instead of paste which is unmaintained #18786

wants to merge 1 commit into from

Conversation

@vii
Copy link

@vii vii commented Nov 17, 2025

The paste crate is no longer maintained according to https://osv.dev/vulnerability/RUSTSEC-2024-0436

pastey claims to be a drop in replacement; following instructions added

+ paste = { package = "pastey", version = "*" }

@vii
Use pastey instead of paste which is unmaintained
d5d075b 
The paste crate is no longer maintained according to https://osv.dev/vulnerability/RUSTSEC-2024-0436 

`pastey` claims to be a drop in replacement; following [instructions](https://docs.rs/pastey/latest/pastey/) added 

```
+ paste = { package = "pastey", version = "*" }
```
@github-actions github-actions bot added the logical-expr Logical plan and expressions label Nov 17, 2025
@alamb
Copy link
Contributor

alamb commented Nov 17, 2025

Thank you @vii . Is there some problem with paste that would need maintenance? Unless there is a problem I am pretty hesitant to take on a new crate with a relatively small distribution

@vii
Copy link
Author

vii commented Nov 17, 2025

@alamb yes that's a great question (see reddit thread). The reason I want to move off paste is to avoid RUSTSEC-2024-0436 which blocks us using it at work.

Would you accept a PR with the token pasting implemented inline in this crate instead?

@alamb
Copy link
Contributor

alamb commented Nov 18, 2025

@alamb yes that's a great question (see reddit thread). The reason I want to move off paste is to avoid RUSTSEC-2024-0436 which blocks us using it at work.

Would you accept a PR with the token pasting implemented inline in this crate instead?

Yes, absolutely, inlining the implementation (or frankly removing the use of paste from this crate) would both be good solutions in my mind

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

logical-expr Logical plan and expressions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vii @alamb