RUSTSEC-2020-0168: mach is unmaintained

[github-actions]

mach is unmaintained

Details
Status	unmaintained
Package	mach
Version	0.3.2
URL	fitzgen/mach#63
Date	2020-07-14

Last release was almost 4 years ago.

Maintainer(s) seem to be completely unreachable.

Possible Alternative(s)

These may or may not be suitable alternatives and have not been vetted in any way;

• mach2 - direct fork

See advisory page for additional details.

[Razican]

We have 2 crates in our dependency tree that depend on mach:

• region: Dependency of wasmer-engine-universal and wasmer-vm
• wasmer-vm: Dependency of wasmer, wasmer-engine, wasmer-engine-dylib and wasmer-engine-universal

From here, we can tell that everything comes from wasmer-wasi and icu_codepointtrie_builder, which both depend on wasmer. The firs one is a dependency of icu_codepointtrie_builder itself, while icu_codepointtrie_builder is a dependency of icu_datagen.

icu_codepointtrie_builder depends on wasmer 2.2.1, while the new wasmer 3.1.1 no longer depends on mach.

Here we have the Cargo.toml file: https://github.com/unicode-org/icu4x/blob/edde7d3de287f3fb520eb2fc8da9fcca5fd002f3/components/collections/codepointtrie_builder/Cargo.toml#L46

I will try to create a PR for this during the weekend, along with the syn 2.0 support for ICU crates.

[Razican]

It was a bit tricky to update the wasmer dependency for ICU4x, so I created unicode-org/icu4x#3241