Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove deprecated dependency from app crate #3305

Merged
merged 2 commits into from
May 31, 2024
Merged

remove deprecated dependency from app crate #3305

merged 2 commits into from
May 31, 2024

Conversation

tzemanovic
Copy link
Member

@tzemanovic tzemanovic commented May 24, 2024
edited by cwgoes
Loading

Describe your changes

Rebased from #2999 as I couldn't push to source branch.

Closes #2993

As discussed in linked issue yaml-rust is not maintened and poses a risk as future vulnerabilities or bugs in yaml-rust will not be addressed. Also it makes noise if you run cargo-audit. As advised in RUSTSEC-2024-0320 yaml-rust2 is a fully compliant YAML 1.2 implementation written in rust and works faster than its predecessor yaml-rust and fully compatible with it.
crates/app is the affected crate and it fetches yaml-rust from config crate.
I've udpated config crate to the latest version and fixed compilation errors and warnings.
The reason why I'm using commit version instead of release tag for config crate is that it's owner is looking for new maintainer and not releasing new tags until than. But yaml-rust2 issue was tested and merged to main branch from this pr so it should be safe to use.

Indicate on which release or other PRs this topic is based on

v0.37.0

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

This was referenced May 24, 2024
Closed
Closed
@tzemanovic tzemanovic marked this pull request as ready for review May 24, 2024 08:04
@codecov Codecov
Copy link

codecov bot commented May 24, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 16 lines in your changes are missing coverage. Please review.

Project coverage is 53.89%. Comparing base (6dc1612) to head (915127a).
Report is 2 commits behind head on main.

Files Patch % Lines
crates/apps_lib/src/config/mod.rs 0.00% 9 Missing ⚠️
crates/apps_lib/src/config/global.rs 0.00% 7 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3305      +/-   ##
==========================================
- Coverage   53.89%   53.89%   -0.01%     
==========================================
  Files         314      314              
  Lines      105704   105706       +2     
==========================================
  Hits        56968    56968              
- Misses      48736    48738       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

brentstone added a commit that referenced this pull request May 28, 2024
@brentstone
Merge branch 'stanisloe-2999' (#3305)
d8aad24 
* stanisloe-2999:
  changelog: add #3305
  remove deprecated dependency from app crate
brentstone added a commit that referenced this pull request May 30, 2024
@brentstone
Merge branch 'stanisloe-2999' (#3305)
d0e611c 
* origin/stanisloe-2999:
  changelog: add #3305
  remove deprecated dependency from app crate
@brentstone brentstone merged commit 98bbd7f into main May 31, 2024
16 of 19 checks passed
@brentstone brentstone deleted the stanisloe-2999 branch May 31, 2024 02:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwgoes cwgoes cwgoes approved these changes

@brentstone brentstone brentstone approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unmaintained Dependency: yaml-rust
4 participants
@tzemanovic @cwgoes @brentstone @stanisloe