Open
Description
Please be aware that `cargo audit` will warn if other Rust projects vendor Parser, since the dependency `paste` is no longer maintained (RUSTSEC-2024-0436).
```
[eslerm@ares Parser]$ cargo audit
    Updating crates.io index
     Locking 120 packages to latest compatible versions
      Adding itertools v0.11.0 (available: v0.14.0)
      Adding lalrpop v0.20.2 (available: v0.22.2)
      Adding lalrpop-util v0.20.2 (available: v0.22.2)
      Adding lexical-parse-float v0.8.5 (available: v1.0.5)
      Adding malachite-bigint v0.2.3 (available: v0.6.1)
      Adding phf v0.11.3 (available: v0.12.1)
      Adding phf_codegen v0.11.3 (available: v0.12.1)
      Adding rand v0.8.5 (available: v0.9.1)
      Adding rustc-hash v1.1.0 (available: v2.1.1)
      Adding unicode_names2 v1.3.0 (available: v2.0.0)
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (126 crate dependencies)
Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── malachite-bigint 0.2.3
    ├── rustpython-parser 0.4.0
    ├── rustpython-format 0.4.0
    └── rustpython-ast 0.4.0
        └── rustpython-parser 0.4.0
warning: 1 allowed warning found
```
```
[eslerm@ares RustPython]$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (383 crate dependencies)
Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── rustpython-vm 0.4.0
│   ├── rustpython_wasm 0.4.0
│   ├── rustpython-stdlib 0.4.0
│   │   ├── rustpython_wasm 0.4.0
│   │   └── rustpython 0.4.0
│   └── rustpython 0.4.0
├── rustpython-stdlib 0.4.0
└── malachite-bigint 0.6.0
    ├── rustpython-vm 0.4.0
    ├── rustpython-stdlib 0.4.0
    ├── rustpython-compiler-core 0.4.0
    │   ├── rustpython-vm 0.4.0
    │   ├── rustpython-pylib 0.4.0
    │   │   ├── rustpython_wasm 0.4.0
    │   │   └── rustpython 0.4.0
    │   ├── rustpython-jit 0.4.0
    │   │   └── rustpython-vm 0.4.0
    │   ├── rustpython-derive-impl 0.4.0
    │   │   └── rustpython-derive 0.4.0
    │   │       ├── rustpython-vm 0.4.0
    │   │       ├── rustpython-stdlib 0.4.0
    │   │       ├── rustpython-pylib 0.4.0
    │   │       └── rustpython-jit 0.4.0
    │   ├── rustpython-compiler 0.4.0
    │   │   ├── rustpython-vm 0.4.0
    │   │   ├── rustpython-derive 0.4.0
    │   │   └── rustpython 0.4.0
    │   └── rustpython-codegen 0.4.0
    │       ├── rustpython-vm 0.4.0
    │       └── rustpython-compiler 0.4.0
    ├── rustpython-common 0.4.0
    │   ├── rustpython_wasm 0.4.0
    │   ├── rustpython-vm 0.4.0
    │   └── rustpython-stdlib 0.4.0
    └── rustpython-codegen 0.4.0
warning: 1 allowed warning found
```
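
The dependency trees above are inverted: the flagged crate is the root and each first-level entry is a crate that depends on it directly. As an added example (not part of the issue, RustPython or cargo-audit), the Rust code below reads the first `Dependency tree:` block of a report and returns those first-level entries. It assumes each nesting level is drawn four characters wide, as in the output shown, and `parse_tree` and `direct_dependents` are hypothetical names.

```rust
// Added example. REPORT is copied from the first `cargo audit` run above,
// trimmed to the lines the parser needs.
const REPORT: &str = "\
Title:     paste - no longer maintained
ID:        RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── malachite-bigint 0.2.3
    ├── rustpython-parser 0.4.0
    ├── rustpython-format 0.4.0
    └── rustpython-ast 0.4.0
        └── rustpython-parser 0.4.0
warning: 1 allowed warning found
";

/// Returns (depth, "name version") for each node of the first tree block.
/// Assumption: every nesting level is a 4-character prefix
/// ("├── ", "└── ", "│   " or four spaces).
fn parse_tree(report: &str) -> Vec<(usize, String)> {
    report
        .lines()
        .skip_while(|l| l.trim() != "Dependency tree:")
        .skip(1)
        .enumerate()
        // The root line has no branch marker; every other tree line has one.
        .take_while(|(i, l)| *i == 0 || l.contains("── "))
        .filter_map(|(_, line)| {
            // Count characters, not bytes: box-drawing glyphs are multi-byte.
            let start = line.chars().position(|c| c.is_ascii_alphanumeric())?;
            let node: String = line.chars().skip(start).collect();
            Some((start / 4, node.trim_end().to_string()))
        })
        .collect()
}

/// Crates that depend on the flagged crate directly (depth 1), deduplicated.
fn direct_dependents(report: &str) -> Vec<String> {
    let mut out: Vec<String> = parse_tree(report)
        .into_iter()
        .filter(|(depth, _)| *depth == 1)
        .map(|(_, node)| node)
        .collect();
    out.sort();
    out.dedup();
    out
}

fn main() {
    for dep in direct_dependents(REPORT) {
        println!("paste enters via {dep}");
    }
}
```

Only first-level entries are reported because deeper nodes are printed once per path and a repeated node is not re-expanded, so a leaf in the printed tree is not necessarily a top-level crate.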