Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RUSTSEC-2024-0384: instant is unmaintained #1635

Open
github-actions bot opened this issue Nov 11, 2024 · 4 comments · May be fixed by #1652 or #1653
Open

RUSTSEC-2024-0384: instant is unmaintained #1635

github-actions bot opened this issue Nov 11, 2024 · 4 comments · May be fixed by #1652 or #1653
Assignees

Comments

@github-actions
Copy link
Contributor

Details
Package instant
Version 0.1.13
Warning unmaintained
URL n/a
Patched Versions n/a

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

@clux
Copy link
Member

clux commented Nov 11, 2024

Pulled in via backoff:

error[unmaintained]: `instant` is unmaintained
    ┌─ /github/workspace/Cargo.lock:107:1
    │
107 │ instant 0.1.13 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2024-0384
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0384
    ├ This crate is no longer maintained, and the author recommends using the maintained [`web-time`] crate instead.
      
      [`web-time`]: https://crates.io/crates/web-time
    ├ Solution: No safe upgrade is available!
    ├ instant v0.1.13
      └── backoff v0.4.0
          └── kube-runtime v0.96.0

@flavio
Copy link
Contributor

flavio commented Nov 11, 2024

Backoff is no longer maintained. I suggest switching to backon. We (Kubewarden team) have positive experience with that.

If you want I can help with the migration

@clux
Copy link
Member

clux commented Nov 19, 2024

backon sounds good to me. The backon author suggested as much as well in #923 (comment) and remember looking into it then as a (at the very least) suitable candidate. feel free to have a go if you have time - happy to assign you.

@nightkr nightkr self-assigned this Nov 28, 2024
nightkr added a commit to nightkr/kube-rs that referenced this issue Nov 28, 2024
Fixes kube-rs#1635

Signed-off-by: Natalie Klestrup Röijezon <[email protected]>
@nightkr nightkr linked a pull request Nov 28, 2024 that will close this issue
flavio added a commit to flavio/kube that referenced this issue Nov 29, 2024
Replace the `backoff` dependency with `backon`. The former one is no
longer maintained and is also pulling the `instant` crate, which has
been marked as unmaintained by RUSTSEC.

Prior to this commit the public API of kube-rs exposed a trait defined
by the `backoff` crate. This commits introduces a new trait defined by
kube-rs, which wraps the `backon` trait.

Fixes kube-rs#1635

Signed-off-by: Flavio Castelli <[email protected]>
@flavio flavio linked a pull request Nov 29, 2024 that will close this issue
flavio added a commit to flavio/kube that referenced this issue Nov 29, 2024
Replace the `backoff` dependency with `backon`. The former one is no
longer maintained and is also pulling the `instant` crate, which has
been marked as unmaintained by RUSTSEC.

Prior to this commit the public API of kube-rs exposed a trait defined
by the `backoff` crate. This commits introduces a new trait defined by
kube-rs, which wraps the `backon` trait.

Fixes kube-rs#1635

Signed-off-by: Flavio Castelli <[email protected]>
@flavio
Copy link
Contributor

flavio commented Nov 29, 2024

I've created #1653 to address this issue

flavio added a commit to flavio/kube that referenced this issue Jan 17, 2025
Replace the `backoff` dependency with `backon`. The former one is no
longer maintained and is also pulling the `instant` crate, which has
been marked as unmaintained by RUSTSEC.

Prior to this commit the public API of kube-rs exposed a trait defined
by the `backoff` crate. This commits introduces a new trait defined by
kube-rs, which wraps the `backon` trait.

Fixes kube-rs#1635

Signed-off-by: Flavio Castelli <[email protected]>
flavio added a commit to flavio/kube that referenced this issue Jan 17, 2025
Replace the `backoff` dependency with `backon`. The former one is no
longer maintained and is also pulling the `instant` crate, which has
been marked as unmaintained by RUSTSEC.

Prior to this commit the public API of kube-rs exposed a trait defined
by the `backoff` crate. This commits introduces a new trait defined by
kube-rs, which wraps the `backon` trait.

Fixes kube-rs#1635

Signed-off-by: Flavio Castelli <[email protected]>
flavio added a commit to flavio/kube that referenced this issue Jan 17, 2025
Replace the `backoff` dependency with `backon`. The former one is no
longer maintained and is also pulling the `instant` crate, which has
been marked as unmaintained by RUSTSEC.

Prior to this commit the public API of kube-rs exposed a trait defined
by the `backoff` crate. This commits introduces a new trait defined by
kube-rs, which wraps the `backon` trait.

Fixes kube-rs#1635

Signed-off-by: Flavio Castelli <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
3 participants