Skip to content

remove deprecated dependency from app crate#3305

Merged
brentstone merged 2 commits intomainfrom
stanisloe-2999
May 31, 2024
Merged

remove deprecated dependency from app crate#3305
brentstone merged 2 commits intomainfrom
stanisloe-2999

Conversation

@tzemanovic
Copy link
Copy Markdown
Collaborator

@tzemanovic tzemanovic commented May 24, 2024
edited by cwgoes
Loading

Describe your changes

Rebased from #2999 as I couldn't push to source branch.

Closes #2993

As discussed in linked issue yaml-rust is not maintened and poses a risk as future vulnerabilities or bugs in yaml-rust will not be addressed. Also it makes noise if you run cargo-audit. As advised in RUSTSEC-2024-0320 yaml-rust2 is a fully compliant YAML 1.2 implementation written in rust and works faster than its predecessor yaml-rust and fully compatible with it.
crates/app is the affected crate and it fetches yaml-rust from config crate.
I've udpated config crate to the latest version and fixed compilation errors and warnings.
The reason why I'm using commit version instead of release tag for config crate is that it's owner is looking for new maintainer and not releasing new tags until than. But yaml-rust2 issue was tested and merged to main branch from this pr so it should be safe to use.

Indicate on which release or other PRs this topic is based on

v0.37.0

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

This was referenced May 24, 2024
Closed
Closed
@tzemanovic tzemanovic marked this pull request as ready for review May 24, 2024 08:04
@tzemanovic tzemanovic requested a review from brentstone May 24, 2024 08:04
@codecov
Copy link
Copy Markdown

codecov bot commented May 24, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 16 lines in your changes are missing coverage. Please review.

Project coverage is 53.89%. Comparing base (6dc1612) to head (915127a).
Report is 2 commits behind head on main.

Files Patch % Lines
crates/apps_lib/src/config/mod.rs 0.00% 9 Missing ⚠️
crates/apps_lib/src/config/global.rs 0.00% 7 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3305      +/-   ##
==========================================
- Coverage   53.89%   53.89%   -0.01%     
==========================================
  Files         314      314              
  Lines      105704   105706       +2     
==========================================
  Hits        56968    56968              
- Misses      48736    48738       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

brentstone added a commit that referenced this pull request May 28, 2024
@brentstone
Merge branch 'stanisloe-2999' (#3305)
d8aad24 
* stanisloe-2999:
  changelog: add #3305
  remove deprecated dependency from app crate
brentstone added a commit that referenced this pull request May 30, 2024
@brentstone
Merge branch 'stanisloe-2999' (#3305)
d0e611c 
* origin/stanisloe-2999:
  changelog: add #3305
  remove deprecated dependency from app crate
@brentstone brentstone merged commit 98bbd7f into main May 31, 2024
@brentstone brentstone deleted the stanisloe-2999 branch May 31, 2024 02:31
@0x4r45h 0x4r45h mentioned this pull request Oct 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cwgoes cwgoes cwgoes approved these changes

@brentstone brentstone brentstone approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unmaintained Dependency: yaml-rust

4 participants

@tzemanovic @cwgoes @brentstone @stanisloe