For macos and ios switch from mach crate to mach2 crate #79
Conversation
mach crate seems abandoned while mach2 crate is more actively updated.
|
GitHub's dependabot has started automatically opening issues in crates that use mach. It'd be great if this PR can be merged. |
|
While I have to admit that I'm not a fan of RUSTSEC advisories being used just for marking crates as unmaintained when there's no specific security issue... I also realize that having to deal with those warnings, and having to exclude specific warnings, sucks. This seemed pretty straightforward, so I went ahead with merging. I have a few other tweaks and things to likely merge in the next few days/week or so, so I'll try and cut a release once things look like they're solidified on my end. |
This is offtopic and there's no need to continue this discussion further. But: Unmaintained crates might have security issues and bugs, etc. but since they get no attention there's no reason to security audit or fix bugs since nobody is going to merge the fixes. And for example RUSTSEC-2023-0020 is one crate which was first reported as unmaintained, but further look into source code revealed two other issues making unmaintained crate a security issue. And it might also happen that when a crate is reported as unmaintained someone might step up and make a fork. That's what happened to Unmaintained advisories serve the community to raise awareness and help take care of the supply chain before unmaintained crates grow to bigger issues. |
|
@oherrala This PR is now released as of Thanks again for your contribution. 👍🏻 |
mach crate seems abandoned while mach2 crate is more actively updated. Warning has been published in RUSTSEC-2020-0168. This shouldn't have any functional change.
See:
mach? JohnTitor/mach2#13