Cargo Audit Yields Warnings #4724
Labels
dependencies
Pull requests that update a dependency file
Comments
|
See rust-diplomat/diplomat#464 for progress on the clap migration |
|
We actually don't use Diplomat's CLI, we should use a Cargo feature to make Diplomat's |
|
We might want to run cargo audit as part of our daily main CI (it shouldn't be on PRs because we don't want the passage of time to break PR CI). |
|
We no longer have |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See icu4x-cargo-audit.txt
for the full results.
In summary:
There are transitive dependencies on atty (which is unmaintained and has a RUSTSEC entry) and atomic-polyfill which has been yanked and deprecated by the author
To fix the atomic-polyfill issue we need to update the serde-json-core dependency to 0.5.1 and postcard to 1.0.8.
To fix the atty issue we need to update criterion to 0.5.1 and clap (which is depended on by diplomat-tool) to version 4. Note the migration guide from clap 3 to 4
The text was updated successfully, but these errors were encountered: