Skip to content

replace unmaintained 'encoding' crate with 'encoding_rs' (RUSTSEC-2021-0153)#20

Merged
dacut merged 1 commit intodacut:mainfrom
HatemMn:fix/bump_encoding_crate
Mar 31, 2026
Merged

replace unmaintained 'encoding' crate with 'encoding_rs' (RUSTSEC-2021-0153)#20
dacut merged 1 commit intodacut:mainfrom
HatemMn:fix/bump_encoding_crate

Conversation

@HatemMn
Copy link
Copy Markdown
Contributor

@HatemMn HatemMn commented Mar 31, 2026

Description:

Context: This PR replaces the encoding crate with encoding_rs to resolve the security advisory RUSTSEC-2021-0153. The original encoding crate has been unmaintained since 2016 and causes cargo audit / deny to fail in downstream projects that rely on scratchstack-aws-signature.

Changes Made:

I've kept the changes to the absolute minimum necessary to make the project compile and pass tests again
You can read the diffs, there isn't much

@HatemMn
Copy link
Copy Markdown
Contributor Author

HatemMn commented Mar 31, 2026

@dacut can you pleeeeeeeeeeease merge this ? This being an active RUSTSEC vulnerability flagging all downstream projects during CI audits, it would be highly appreciated

@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

Looking at this now, @HatemMn

@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

(Strange that I'm not getting GitHub vulnerability report for this; thanks for flagging it!)

@dacut dacut merged commit 17038a6 into dacut:main Mar 31, 2026
1 check passed
@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

Running cargo semver-checks now to verify a patch bump is appropriate (which it should be).

@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

Bah, I forgot that main had diverged from the v0.11.3 tag. Creating a v0.11.x branch now.

@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

Verifying that the tests still pass...

@dacut
Copy link
Copy Markdown
Owner

dacut commented Mar 31, 2026

Alright, this has been pushed to crates.io as version 0.11.4. Thanks again!

@dacut dacut self-assigned this Mar 31, 2026
@HatemMn
Copy link
Copy Markdown
Contributor Author

HatemMn commented Apr 1, 2026

@dacut thanks m8 for your responsiveness !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants