rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add unmaintained libyml and serde_yml

Browse Source
This commit is contained in:
John Vandenberg
2025-09-11 12:10:37 +08:00
committed by Dirkjan Ochtman
parent 84eeae67d4
commit d04d1eb6aa
3 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
HOWTO_UNMAINTAINED.md
View File

@@ -71,6 +71,10 @@ When creating the advisory, please include a link to an open issue
on the upstream project repository where the maintenance status has been
discussed in the `url = "..."` field of the advisory.
If the upstream project repository has issues disabled, or if an upstream
issue does not adequately explain the circumstances, please include
`url = "..."` linking to an issue in the `advisory-db` project.
For more information on adding an advisory to the RustSec DB, see:
<https://github.com/RustSec/advisory-db/blob/main/CONTRIBUTING.md>

21
crates/libyml/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libyml"
date = "2025-09-11"
url = "https://github.com/rustsec/advisory-db/issues/2395"
informational = "unmaintained"
[versions]
patched = []
```
# libyml crate is unmaintained
The `libyml` crate is no longer actively maintained.
If you rely on this crate, it is highly recommended switching to a maintained alternative.
## Recommended alternatives
- [`libyaml-safer`](https://crates.io/crates/libyaml-safer)
- [`unsafe-libyaml-norway`](https://crates.io/crates/unsafe-libyaml-norway) - Maintained fork of `unsafe-libyaml`

26
crates/serde_yml/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,26 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "serde_yml"
date = "2025-09-11"
url = "https://github.com/rustsec/advisory-db/issues/2395"
informational = "unmaintained"
[versions]
patched = []
```
# serde_yml crate is unmaintained
The `serde_yml` crate is no longer actively maintained, after unsounded issues were raised.
If you rely on this crate, it is highly recommended switching to a maintained alternative.
## Recommended alternatives
- [`serde_norway`](https://crates.io/crates/serde_norway) - Maintained fork of `serde_yaml`, using `unsafe-libyaml-norway`
- [`serde_yaml_ng`](https://crates.io/crates/serde_yaml_ng) - Maintained fork of `serde_yaml`, using unmaintained `unsafe-libyaml`
## Incomplete alternatives
- [`serde_yaml2`](https://crates.io/crates/serde_yaml2)
- [`yaml-peg`](https://crates.io/crates/yaml-peg)