serde_cbor dependency of webauthn/authrs_bridge/ is no longer maintained
Categories
(Core :: DOM: Web Authentication, defect)
People
(Reporter: valentin, Assigned: aleiserson)
Attachments
(1 file)
While doing a mach vendor rust I got the following warning:
```
Advisory:
serde_cbor is unmaintained
Package: serde_cbor
ID: RUSTSEC-2021-0127
Report date: 2021-08-15
The serde_cbor crate is unmaintained. The author has archived the github repository.
Alternatives proposed by the author:
[ciborium](https://crates.io/crates/ciborium)
[minicbor](https://crates.io/crates/minicbor)
URL: https://github.com/pyfisch/cbor
Advisory metadata: {
  "aliases": [],
  "related": [],
  "collection": "crates",
  "categories": [],
  "keywords": [],
  "informational": "unmaintained",
  "references": [],
  "source": null,
  "withdrawn": null,
  "license": "CC0-1.0"
}
Package info: {
  "name": "serde_cbor",
  "version": "0.11.2",
  "source": "registry+https://github.com/rust-lang/crates.io-index",
  "checksum": "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5",
  "dependencies": [
    {
      "name": "half",
      "version": "1.999.999",
      "source": null
    },
    {
      "name": "serde",
      "version": "1.0.227",
      "source": "registry+https://github.com/rust-lang/crates.io-index"
    }
  ],
  "replace": null
}
```
serde_cbor is a dependency of dom/webauthn/authrs_bridge/
Comment 1•5 months ago
See also: https://github.com/mozilla/authenticator-rs/issues/327
There is a fork of serde_cbor that is (listed as) maintained, but authrs was not yet switched over since the sources are basically identical, and I guess nobody bothered.
The fork is from a colleague of mine (and I may even have commit rights as well).
Comment 2•5 months ago
Comment 3•4 months ago
Comment 4•4 months ago
A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)