Fix RUSTSEC-2023-0089 #47

@niclashoyer

👋🏽 This is kind of complicated. RUSTSEC-2023-0089 was issued because atomic-polyfill is deprecated. From cargo audit:

Crate:     atomic-polyfill
Version:   1.0.3
Warning:   unmaintained
Title:     atomic-polyfill is unmaintained
Date:      2023-07-11
ID:        RUSTSEC-2023-0089
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0089
Dependency tree:
atomic-polyfill 1.0.3
└── heapless 0.7.17
    └── postcard 1.1.3
        ├── serde_columnar 0.3.14
        │   ├── loro-internal 1.8.1
        │   │   └── loro 1.8.1
        │   │       └── business 0.3.3
        │   └── loro-common 1.8.1
        │       ├── loro-kv-store 1.8.1
        │       │   ├── loro-internal 1.8.1
        │       │   └── loro 1.8.1
        │       ├── loro-internal 1.8.1
        │       └── loro 1.8.1
        └── loro-internal 1.8.

heapless 0.9.x uses an alternative polyfill, but postcard hides this behind an (in their words) experimental feature flag: heapless-v0_9. I do have a working fork that uses the main branch and said feature, though. I think that does not eliminate the need for heapless 0.7 completely.

I think this needs to wait until jamesmunns/postcard#223 is resolved, probably with a postcard 2.0 (compatible with 1.0 bin format).
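The inverted dependency tree in the cargo audit output above can be read mechanically. The following is an added example, not code from this repository or from cargo-audit: it merges the repeated subtrees into a dependents graph and lists the crates that lie on every path from atomic-polyfill up to business, which are the places a fix can land. The function names are hypothetical, and crates are keyed by name only, so two versions of one crate would be merged.

```rust
use std::collections::{BTreeMap, BTreeSet};
type Graph = BTreeMap<String, BTreeSet<String>>; // crate name -> crates that depend on it
// Tree copied from the cargo audit output in the issue; its last line is cut off there.
const TREE: &str = "\
atomic-polyfill 1.0.3
└── heapless 0.7.17
    └── postcard 1.1.3
        ├── serde_columnar 0.3.14
        │   ├── loro-internal 1.8.1
        │   │   └── loro 1.8.1
        │   │       └── business 0.3.3
        │   └── loro-common 1.8.1
        │       ├── loro-kv-store 1.8.1
        │       │   ├── loro-internal 1.8.1
        │       │   └── loro 1.8.1
        │       ├── loro-internal 1.8.1
        │       └── loro 1.8.1
        └── loro-internal 1.8.
";

/// Dependents graph keyed by crate name only (assumption: versions dropped, repeats merge).
fn dependents(tree: &str) -> Graph {
    let (mut graph, mut stack) = (Graph::new(), Vec::<String>::new());
    for line in tree.lines() {
        let rest = line.trim_start_matches(|c: char| !c.is_ascii_alphanumeric());
        let Some(name) = rest.split_whitespace().next() else { continue };
        stack.truncate((line.chars().count() - rest.chars().count()) / 4); // 4 columns per level
        if let Some(dep) = stack.last().cloned() { graph.entry(dep).or_default().insert(name.into()); }
        graph.entry(name.to_string()).or_default();
        stack.push(name.to_string());
    }
    graph
}

/// Crates on every path from `flagged` up to `top`: skip one and `top` is unreachable.
fn choke_points(g: &Graph, flagged: &str, top: &str) -> Vec<String> {
    let cut_by = |skip: &str| {
        let (mut seen, mut todo) = (BTreeSet::new(), vec![flagged.to_string()]);
        while let Some(cur) = todo.pop() {
            if cur != skip && seen.insert(cur.clone()) { todo.extend(g[&cur].iter().cloned()); }
        }
        !seen.contains(top)
    };
    g.keys().map(String::as_str).filter(|&c| c != flagged && c != top && cut_by(c))
        .map(str::to_string).collect()
}

fn main() {
    println!("{:?}", choke_points(&dependents(TREE), "atomic-polyfill", "business"));
}
```

For this tree the result is heapless, loro and postcard; serde_columnar and loro-internal are not on the list because postcard is reached through both of them.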
