RUSTSEC-2020-0168: mach is unmaintained

[github-actions]

mach is unmaintained

Details
Status	unmaintained
Package	mach
Version	0.3.2
URL	fitzgen/mach#63
Date	2020-07-14

Last release was almost 4 years ago.

Maintainer(s) seem to be completely unreachable.

Possible Alternative(s)

These may or may not be suitable alternatives and have not been vetted in any way;

• mach2 - direct fork

See advisory page for additional details.

[Swatinem]

Being pulled in via moka.

[tatsuya6502]

Hi. I believe this issue was already addressed in symbolicator v23.4.0. moka v0.10.2 replaced mach with mach2, and symbolicator v23.4.0 depends on that moka version. (Cargo.lock).

moka CHANGELOG v0.10.2:

• Upgraded quanta crate to v0.11.0. (#251)
  • This resolved "RUSTSEC-2020-0168: mach is unmaintained" (#243) by replacing mach with mach2.

symbolicator v23.4.0 does not depend on mach anymore:

$ git remote -v
origin	git@github.com:getsentry/symbolicator.git (fetch)
origin	git@github.com:getsentry/symbolicator.git (push)

$ git checkout 23.4.0
$ git submodule update --recursive

$ cargo tree -i mach --target all
error: package ID specification `mach` did not match any packages

	Did you mean `mach2`?

$ cargo tree -i mach2 --target all
mach2 v0.4.1
└── quanta v0.11.0
    └── moka v0.10.2
        └── symbolicator-service v23.4.0 (... /crates/symbolicator-service)
            ├── symbolicator v23.4.0 (... /crates/symbolicator)
            └── symbolicli v23.4.0 (... /crates/symbolicli)

[Swatinem]

Thanks for reaching out!

I also updated moka in #1169, so this is fixed