From 2e575a92dd49b4cf21285471e31beb492aad1842 Mon Sep 17 00:00:00 2001
From: David Aguilar <davvid@gmail.com>
Date: Wed, 20 Mar 2024 23:33:47 -0700
Subject: [PATCH] Add an unmaintained crate advisory for yaml-rust

Closes: #1921
---
 crates/yaml-rust/RUSTSEC-2024-0320.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 crates/yaml-rust/RUSTSEC-2024-0320.md

diff --git a/crates/yaml-rust/RUSTSEC-2024-0320.md b/crates/yaml-rust/RUSTSEC-2024-0320.md
new file mode 100644
index 000000000..12c0fe971
--- /dev/null
+++ b/crates/yaml-rust/RUSTSEC-2024-0320.md
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-2024-0320"
+package = "yaml-rust"
+date = "2024-03-20"
+informational = "unmaintained"
+url = "https://github.com/rustsec/advisory-db/issues/1921"
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# yaml-rust is unmaintained.
+
+The maintainer seems [unreachable](https://github.com/chyh1990/yaml-rust/issues/197).
+
+Many issues and pull requests have been submitted over the years
+without any [response](https://github.com/chyh1990/yaml-rust/issues/160).
+
+## Alternatives
+
+Consider switching to the actively maintained `yaml-rust2` fork of the original project:
+
+- [yaml-rust2](https://github.com/Ethiraric/yaml-rust2)
+- [yaml-rust2 @ crates.io](https://crates.io/crates/yaml-rust2))