-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cargo.toml dependencies need cleanup? #1995
Comments
neunenak
added a commit
to neunenak/just
that referenced
this issue
Apr 10, 2024
cf. casey#1995 update regex and remove yaml-rust
Merged
neunenak
added a commit
to neunenak/just
that referenced
this issue
Apr 10, 2024
cf. casey#1995 update regex and remove yaml-rust . Also update the heck dependency to its latest version.
I think this was fixed in #1999. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
During recent research for
vim-just
I ran across this - https://deps.rs/crate/justWhere couple things jumped out:
just
's dependency onregex
states version 1.5.4, which the deps.rs link flags as a security vulnerability. However,just
is actually usingregex
version 1.10.3 -just/Cargo.lock
Lines 715 to 718 in c237c00
Should this be updated in
Cargo.toml
to prevent false positives?just
declares a development dependency onyaml-rust
, which is unmaintained. AFAICT this dependency is completely unused in today'sjust
code, seems its use was removed in bb5b962 ?The text was updated successfully, but these errors were encountered: