Old pgp dependency relies on crates that have been renamed or merged #55

Pi-Cla · 2022-06-24T03:50:31Z

There are warnings from cargo audit about the version of pgp this crate uses depending on various crates that had been renamed or merged, here is one of them:

Crate:     aes-soft
Version:   0.6.4
Warning:   unmaintained
Title:     `aes-soft` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0060
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0060
Dependency tree:
aes-soft 0.6.4
└── aes 0.6.0
    └── pgp 0.7.2
        └── rpm-rs 0.8.1

The text was updated successfully, but these errors were encountered:

Pi-Cla · 2022-06-24T07:05:24Z

Upon further research, apparently the issue with the time crate is misleading since it is already fixed in chrono. (chronotope/chrono#499 (comment)) So instead I will edit this to only mention the warning about package merging.

Pi-Cla · 2022-06-24T07:31:15Z

Nvm... sorry for taking up space, even the warnings aren't meaningful upon further further investigation

Pi-Cla changed the title ~~RUSTSEC-2020-0071: chrono: time: Potential segfault in the time crate~~ Old pgp dependency relies on crates that have been renamed or merged Jun 24, 2022

Pi-Cla closed this as completed Jun 24, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Old pgp dependency relies on crates that have been renamed or merged #55

Old pgp dependency relies on crates that have been renamed or merged #55

Pi-Cla commented Jun 24, 2022 •

edited

Loading

Pi-Cla commented Jun 24, 2022

Pi-Cla commented Jun 24, 2022

Old pgp dependency relies on crates that have been renamed or merged #55

Old pgp dependency relies on crates that have been renamed or merged #55

Comments

Pi-Cla commented Jun 24, 2022 • edited Loading

Pi-Cla commented Jun 24, 2022

Pi-Cla commented Jun 24, 2022

Pi-Cla commented Jun 24, 2022 •

edited

Loading