serde_yaml
package is deprecated and no longer maintained
#6262
Labels
serde_yaml
package is deprecated and no longer maintained
#6262
Description
As of release 0.9.34,
serde_yaml
is deprecated and the repository has been archived.Version
Lighthouse stable and unstable
Present Behaviour
Currently lighthouse depends on
serde_yaml
0.9.34+deprecated
It is currently working and there are no vulnerabilities that I am aware of.
Steps to resolve
Consider alternatives.
At this stage, keeping
serde_yaml
may be preferable while alternatives become more mature and vetted.Want to be careful to avoid a supply chain attack.
serde_yaml
has highlighted limitations with the existing libyaml backend (unmaintained) here, stating that an improved backend would be a pure rust implementation, or a close translation of libfyaml C codesaphyr-serde
crateserde-yml
fork that has more downloads on crates.io but seems a bit suspicious and I'd recommend against it.The text was updated successfully, but these errors were encountered: