Hi, On Tue, Jun 16, 2026 at 02:49:56AM +0100, Peter Green wrote: > > > The http-types crate is unmaintained and the issue is unlikely to be > > > fixed. > > > > Given the last statement this is more about tracking. > > > > Can the package OTOH be worked towards beeing removed? > > Reverse dependencies seem to be async-h1 and http-cache.
async-h1 doesn't have any rdeps at the moment, so let's just work towards removing it. No point in keeping a vulnerability around. This also might have been a dependency for surf (which in turn was originally needed for zellij) which I managed to drop from the dependencies, so maybe I also wouldn't get affected. -- Best, Ananthu
signature.asc
Description: PGP signature
