As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.
This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.
Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
When migrating a codebase off of rust-crypto, I encountered a few uses of the md5 digest, and realized that it was missing from this advisory. Since deprecations are good onboarding tasks for folks new to rust (like me), I figured it would be helpful to explicitly state here that RustCrypto has an `md-5` crate you can use as (almost) a drop-in replacement
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.
This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
No releases since May 2016, no commits since September 2016, with
62 open issues and 37 open PRs.
Author is unresponsive:
https://github.com/DaGenix/rust-crypto/issues/440
Advisory includes a large list of maintained "successor" crates:
`rust-crypto` was a kitchen sink of functionality, so the advisory
contains a list of potential successor crates each with an
algorithm-by-algorithm breakdown of what they support.
