Allow paste even though unmaintained, for now #1879
Closed
Eliah Kagan (EliahKagan) wants to merge 2 commits into GitoxideLabs:main from
Bumps the cargo group with 1 update in the / directory: [ring](https://github.com/briansmith/ring).

Updates `ring` from 0.17.8 to 0.17.13
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

---
updated-dependencies:
- dependency-name: ring
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
https://rustsec.org/advisories/RUSTSEC-2024-0436.html now causes the `cargo deny advisories` check to fail (even if the separate and more important failure from `ring` is fixed by bumping the `ring` version, as in GitoxideLabs#1878).

`paste` is mature and would be hard to remove as a transitive dependency at this time:

```text
> cargo tree --invert paste --no-dedupe --depth 3
paste v1.0.15 (proc-macro)
└── ratatui v0.26.3
    ├── crosstermion v0.14.0
    │   ├── gitoxide v0.41.0 (C:\Users\ek\source\repos\gitoxide)
    │   └── prodash v29.0.0
    ├── prodash v29.0.0
    │   ├── gitoxide v0.41.0 (C:\Users\ek\source\repos\gitoxide)
    │   ├── gix v0.70.0 (C:\Users\ek\source\repos\gitoxide\gix)
    │   └── gix-features v0.40.0 (C:\Users\ek\source\repos\gitoxide\gix-features)
    └── tui-react v0.23.2
        ├── crosstermion v0.14.0
        └── prodash v29.0.0
```

As discussed in rustsec/advisory-db#2215 and leptos-rs/leptos#3685, `paste` is widely used and there is community interest in maintaining it.

When the status changes or more information about the future of `paste` or its alternatives is available, `deny.toml` could be updated again (even if only with a comment).
7c9644f to 1d9f7cd
Because a similar change to 1d9f7cd in this PR is included in cf7f34d (added to #1882), and cf7f34d also includes another change for an advisory published after this PR was opened, I think 1d9f7cd in this PR can be considered superseded. But the only other changes in this PR are those from #1878. I suspect that #1878 can also be closed due to another change added to #1882. I'll check into that shortly. Either way, whether or not #1878 is also superseded, I think this establishes this PR as superseded.
https://rustsec.org/advisories/RUSTSEC-2024-0436.html now causes the `cargo deny advisories` check to fail (even if the separate and more important failure from `ring` is fixed by bumping the `ring` version, as in #1878).

`paste` is mature and would be hard to remove as a transitive dependency at this time:

As discussed in rustsec/advisory-db#2215 and leptos-rs/leptos#3685, `paste` is widely used and there is community interest in maintaining it.

When the status changes or more information about the future of `paste` or its alternatives is available, `deny.toml` could be updated again (even if only with a comment).

This PR adds a commit atop #1878. It would be reasonable to include this change there, but I cannot use a review comment to propose an automatically appliable patch to code in a PR that is not changed or right next to lines that are changed. I considered opening this against the Dependabot branch for #1878 rather than against main, but in this case it seems like that might be more complicated to handle; but I'd be pleased to change the base branch on request.

If #1878 is merged first, then this can be merged and the history should be okay and still free of duplicate commits. Or this could be rebased after that for a slightly clearer history. Or if this is merged before #1878, it will bring in the changes from there, and I believe #1878 will be closed automatically. Another option is to merge this commit into the branch for #1878 (`git merge 1d9f7cd` when on that branch) and then merge #1878.

This causes the `cargo deny advisories` check to pass. The remaining failures here are unrelated to the changes. They are the same as the other failures occurring on main: `test-fixtures-windows` (due to #1849, #1870 would fix) and `test-32bit` (due to rustup changes, #1874 would fix).
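An added illustration of the kind of `deny.toml` entry the description above refers to; it is not the PR's actual diff, which this page does not show. It assumes a cargo-deny version that accepts the `{ id, reason }` table form in `[advisories].ignore`, and the reason text is a summary written for this example.

```toml
# deny.toml (illustrative fragment, not the project's file)
[advisories]
ignore = [
    # Scope the exception to the single advisory ID rather than relaxing
    # advisory checking as a whole, so that any other advisory, including
    # a future vulnerability advisory against `paste`, still fails CI.
    # The recorded reason says why the exception exists and when to drop it.
    { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained but mature; it is only a transitive dependency via ratatui. Revisit when its maintenance status or alternatives change." },
]
```

Because the exception names one ID, it can be deleted once `cargo tree --invert paste` no longer lists a path from the workspace to `paste`.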