New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RUSTSEC-2020-0095: difference
is unmaintained
#44
Comments
I'd be willing to attempt this and submit a PR if it would be accepted. |
Actually looks like difference provides a pretty large portion of pretty_assertion's functionality. It looks like diffus will provide the best replacement, but I think this is not the job for a first-time contributor. |
If someone wants to give this a try, the inline highlighting of this crate is something I would also like to the similar replacement crate. Then that would become a pretty straightforward drop in replacement. This example is probably close enough to what pretty-assertions uses difference for: https://github.com/mitsuhiko/similar/blob/main/examples/terminal-inline.rs |
I've submitted an implementation in #45 using |
@tommilligan curious why you're saying similar does not support line diffing. |
@mitsuhiko apologies, going back and reading the docs I see it clearly supports arbitrary sequences 🤦♂️ my bad. In that case I will port my PR to |
@tommilligan fwiw with similar the entire crate gets reduced to something like this: https://gist.github.com/mitsuhiko/b2e1b280bebedc783495a10b0fa7b3e2 Note that currently similar's Looks like this: |
Did you get any feedback from the maintainer? The last update in this crate is quite old. @colin-kiegel are you around? Otherwise is one more crate to maybe open a rust-sec entry =/ |
@mrcosta I've made contact with @colin-kiegel and we've outlined a plan for ongoing maintenance of the I'm happy to ping you when I have a more formal plan and tasklist written up for comment. |
A fix has been merged to |
difference
is a dependency ofpretty-assertions
. The crate is unmaintained now, see the RUSTSEC-2020-0095 advisory.pretty-assertions
is used quite a bit in the ecosystem and since it pulls indifference
cargo audit
will warn about this in every crate.Maybe it is possible to migrate to one of the alternatives listed in the advisory.
The text was updated successfully, but these errors were encountered: