diff --git a/HOWTO_UNMAINTAINED.md b/HOWTO_UNMAINTAINED.md index b696e1ca..493bfb45 100644 --- a/HOWTO_UNMAINTAINED.md +++ b/HOWTO_UNMAINTAINED.md @@ -71,6 +71,10 @@ When creating the advisory, please include a link to an open issue on the upstream project repository where the maintenance status has been discussed in the `url = "..."` field of the advisory. +If the upstream project repository has issues disabled, or if an upstream +issue does not adequately explain the circumstances, please include +`url = "..."` linking to an issue in the `advisory-db` project. + For more information on adding an advisory to the RustSec DB, see: diff --git a/crates/libyml/RUSTSEC-0000-0000.md b/crates/libyml/RUSTSEC-0000-0000.md new file mode 100644 index 00000000..95bf7bff --- /dev/null +++ b/crates/libyml/RUSTSEC-0000-0000.md @@ -0,0 +1,21 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "libyml" +date = "2025-09-11" +url = "https://github.com/rustsec/advisory-db/issues/2395" +informational = "unmaintained" + +[versions] +patched = [] +``` + +# libyml crate is unmaintained + +The `libyml` crate is no longer actively maintained. +If you rely on this crate, it is highly recommended switching to a maintained alternative. + +## Recommended alternatives + +- [`libyaml-safer`](https://crates.io/crates/libyaml-safer) +- [`unsafe-libyaml-norway`](https://crates.io/crates/unsafe-libyaml-norway) - Maintained fork of `unsafe-libyaml` \ No newline at end of file diff --git a/crates/serde_yml/RUSTSEC-0000-0000.md b/crates/serde_yml/RUSTSEC-0000-0000.md new file mode 100644 index 00000000..bd1de8d2 --- /dev/null +++ b/crates/serde_yml/RUSTSEC-0000-0000.md 
@@ -0,0 +1,26 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "serde_yml" +date = "2025-09-11" +url = "https://github.com/rustsec/advisory-db/issues/2395" +informational = "unmaintained" + +[versions] +patched = [] +``` + +# serde_yml crate is unmaintained + +The `serde_yml` crate is no longer actively maintained, after unsounded issues were raised. +If you rely on this crate, it is highly recommended switching to a maintained alternative. + +## Recommended alternatives + +- [`serde_norway`](https://crates.io/crates/serde_norway) - Maintained fork of `serde_yaml`, using `unsafe-libyaml-norway` +- [`serde_yaml_ng`](https://crates.io/crates/serde_yaml_ng) - Maintained fork of `serde_yaml`, using unmaintained `unsafe-libyaml` + +## Incomplete alternatives + +- [`serde_yaml2`](https://crates.io/crates/serde_yaml2) +- [`yaml-peg`](https://crates.io/crates/yaml-peg)
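Review bot: In the paragraph added to HOWTO_UNMAINTAINED.md, it is unclear whether the `advisory-db` issue link replaces the upstream link or is given in addition to it, since both the existing sentence and the new one refer to the same `url = "..."` field. Suggest stating explicitly that in these cases `url` should point at the `advisory-db` issue, and that the issue should itself link to any upstream discussion that exists. The condition "does not adequately explain the circumstances" is also a judgement call; a short example of what counts would help it be applied consistently.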
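Review bot: The description in crates/libyml/RUSTSEC-0000-0000.md states that the crate "is no longer actively maintained" without saying on what basis. A sentence summarising the evidence from the linked issue would let readers assess the advisory without leaving the page. The file also ends without a trailing newline (`\ No newline at end of file`); please add one. Minor wording: "it is highly recommended switching" reads better as "it is highly recommended to switch", and `libyaml-safer` has no description while the other alternative does.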
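Review bot: In the description of crates/serde_yml/RUSTSEC-0000-0000.md, "after unsounded issues were raised" looks like it should read "unsoundness issues", and the text gives no detail or link for them. If soundness problems are part of the reason for the advisory, name them or point to where they are discussed, since `informational = "unmaintained"` on its own does not convey that. The "Recommended alternatives" list also includes `serde_yaml_ng`, described in the same line as "using unmaintained `unsafe-libyaml`"; that entry needs either a caveat or a move out of the recommended list. "Incomplete alternatives" would benefit from one line saying what is incomplete about them.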