Rust #6774
Security advisories found
8 unmaintained, 1 other
Details
Warnings
RUSTSEC-2025-0012
backoffis unmainted.
| Details | |
|---|---|
| Status | unmaintained |
| Package | backoff |
| Version | 0.4.0 |
| URL | ihrwein/backoff#66 |
| Date | 2025-03-04 |
The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate.
RUSTSEC-2024-0388
derivativeis unmaintained; consider using an alternative
| Details | |
|---|---|
| Status | unmaintained |
| Package | derivative |
| Version | 2.2.0 |
| URL | mcarton/rust-derivative#117 |
| Date | 2024-06-26 |
The derivative crate is no longer maintained.
Consider using any alternative, for instance:
RUSTSEC-2024-0384
instantis unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | instant |
| Version | 0.1.13 |
| Date | 2024-09-01 |
This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.
RUSTSEC-2020-0168
mach is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | mach |
| Version | 0.3.2 |
| URL | fitzgen/mach#63 |
| Date | 2020-07-14 |
Last release was almost 4 years ago.
Maintainer(s) seem to be completely unreachable.
Possible Alternative(s)
These may or may not be suitable alternatives and have not been vetted in any way;
- mach2 - direct fork
RUSTSEC-2022-0061
Crate
parity-wasmdeprecated by the author
| Details | |
|---|---|
| Status | unmaintained |
| Package | parity-wasm |
| Version | 0.45.0 |
| URL | paritytech/parity-wasm#334 |
| Date | 2022-10-01 |
This PR explicitly deprecates parity-wasm.
The author recommends switching to wasm-tools.
RUSTSEC-2024-0436
paste - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | paste |
| Version | 1.0.15 |
| URL | https://github.com/dtolnay/paste |
| Date | 2024-10-07 |
The creator of the crate paste has stated in the README.md
that this project is not longer maintained as well as archived the repository
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.
Possible Alternative(s)
RUSTSEC-2025-0010
Versions of ring prior to 0.17 are unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | ring |
| Version | 0.16.20 |
| URL | briansmith/ring#2450 |
| Date | 2025-03-05 |
ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc.
Additionally, the project's general policy is to only patch the latest release,
which is 0.17.12 now. It will be difficult for anybody to backport future fixes
to versions earlier than 0.17.10 due to license changes.
Crate critical-section is yanked
No extra details provided.