RUSTSEC-2024-0419: gtk-rs GTK3 bindings - no longer maintained #1033

Open
github-actions bot opened this issue Dec 10, 2024 · 2 comments

@github-actions
Contributor

gtk-rs GTK3 bindings - no longer maintained

| Details | |
| --- | --- |
| Status | unmaintained |
| Package | gtk3-macros |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |

The gtk-rs GTK3 bindings are no longer maintained.

The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.

Please take a look at gtk4-rs instead.


See [advisory page](https://rustsec.org/advisories/RUSTSEC-2024-0419.html) for additional details.
@Eaterminer

Eaterminer commented Jan 18, 2025

@FabianLars Why was this closed? It appears Tauri and Tao still depend on gtk3. I'm constantly getting dependabot security warnings about a library GTK3 depends on being vulnerable, because GTK3 requires an old version of that library.

Looking at the crates.io page for this project shows that it's still in use.

In WRY it was closed as not planned, and it is rather confusing as to why anyone would want a potential security issue to be treated as "not planned".

@FabianLars
Member

no worries, we plan to downgrade to gtk2 asap. that should get rid of the dependabot warnings :)

> In WRY it was closed as not planned, and it is rather confusing as to why anyone would want a potential security issue to be treated as "not planned".

Not Planned is for duplicate issues:

I used github refined's batch close feature for those which sadly means that the issue they were closed as a duplicate of wasn't linked. That's ofc my bad, I didn't have that in mind.

In tao I wanted to do the same but misclicked on Close as completed. I also didn't mean to close all 10 of them in this repo as there's no , so thanks for reaching out. I'll reopen this one here then.


See tauri-apps/tauri#11928 (comment) for a general roadmap for gtk4 support (no timelines). At this point in time I doubt we can get rid of gtk3 in 2025 unless we get some serious help.

@FabianLars FabianLars reopened this Jan 19, 2025