Commit db63534
Point our Cratesio dep to paste-complete instead of paste.
This is intended to be a stopgap where we would restore the 'paste' dep at a later date.
The situation is that the author of `paste` (dtolnay, who is a prolific Rust library author) declared it 'finished' and so archived the github repo to signal no intent to make further patches. Rustsec issued RUSTSEC-2024-0436 based on the fact that the github repo was archived:
https://rustsec.org/advisories/RUSTSEC-2024-0436.html
Many projects have tests that check for transitive deps on crates which have rustsecs published by default, and in this case its essentially entirely a false-positive where there's actually no security issue at all and there is essentially no chance of there being one going forward.
The underlying issue should be addressed at some point (potentially the `paste` crate on crates.io officially moving to some other owner so that rustsec will drop the notice).
If the official 'paste' crate situation is actually never resolved, some other long term solution may be more appropriate, but in the meantime the dep on paste-complete that "we" are officially on the hook for will avoid any consternation when the Protobuf crate sets of alarms from our Paste dep.
PiperOrigin-RevId: 8576522631 parent 272f68a commit db63534
File tree
2 files changed
+2
-2
lines changed- rust/release_crates
- protobuf_tests
- protobuf
2 files changed
+2
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
0 commit comments