difftreelog
fix avoid problematic serde release
in: master
It doesn't work with the downstream nix users of jrsonnet, and may cause security issues. Upstream issue: https://github.com/serde-rs/serde/issues/2538
7 files changed
Cargo.tomldiffbeforeafterboth--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,6 +16,9 @@
jrsonnet-gcmodule = "0.3.6"
+# <= 1.0.171 due to serde-rs/serde#2538
+serde = { version = ">= 1.0.126, <= 1.0.171" }
+
#[profile.test]
#opt-level = 1
cmds/jrsonnet/Cargo.tomldiffbeforeafterboth--- a/cmds/jrsonnet/Cargo.toml
+++ b/cmds/jrsonnet/Cargo.toml
@@ -42,3 +42,5 @@
thiserror = "1.0"
clap = { version = "4.1", features = ["derive"] }
clap_complete = { version = "4.1" }
+serde_json = "1.0.104"
+serde = { workspace = true, features = ["derive"] }
crates/jrsonnet-evaluator/Cargo.tomldiffbeforeafterboth1[package]2name = "jrsonnet-evaluator"3description = "jsonnet interpreter"4version.workspace = true5repository.workspace = true6authors = ["Yaroslav Bolyukin <iam@lach.pw>"]7license = "MIT"8edition = "2021"910[features]11default = ["explaining-traces"]12# Rustc-like trace visualization13explaining-traces = ["annotate-snippets"]14# Allows library authors to throw custom errors15anyhow-error = ["anyhow"]16# Adds ability to build import closure in async17async-import = ["async-trait"]1819# Allows to preserve field order in objects20exp-preserve-order = []21# Implements field destructuring22exp-destruct = ["jrsonnet-parser/exp-destruct"]23# Iteration over objects yields [key, value] elements24exp-object-iteration = []25# Bigint type26exp-bigint = ["num-bigint", "jrsonnet-types/exp-bigint"]27# obj?.field, obj?.['field']28exp-null-coaelse = ["jrsonnet-parser/exp-null-coaelse"]2930# Improves performance, and implements some useful things using nightly-only features31nightly = ["hashbrown/nightly"]3233[dependencies]34jrsonnet-interner.workspace = true35jrsonnet-parser.workspace = true36jrsonnet-types.workspace = true37jrsonnet-macros.workspace = true38jrsonnet-gcmodule.workspace = true3940pathdiff = "0.2.1"41hashbrown = "0.13.2"42static_assertions = "1.1"4344rustc-hash = "1.1"4546thiserror = "1.0"47# Friendly errors48strsim = { version = "0.10.0" }4950serde.workspace = true5152anyhow = { version = "1.0", optional = true }53# Serialized stdlib54bincode = { version = "1.3", optional = true }55# Explaining traces56annotate-snippets = { version = "0.9.1", features = ["color"], optional = true }57# Async imports58async-trait = { version = "0.1.60", optional = true }59# Bigint60num-bigint = { version = "0.4.3", features = ["serde"], optional = true }61derivative = "2.2.0"crates/jrsonnet-interner/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-interner/Cargo.toml
+++ b/crates/jrsonnet-interner/Cargo.toml
@@ -19,7 +19,7 @@
[dependencies]
jrsonnet-gcmodule.workspace = true
-serde = { version = "1.0", optional = true }
+serde = { workspace = true, optional = true }
structdump = { version = "0.2.0", optional = true }
rustc-hash = "1.1"
crates/jrsonnet-parser/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-parser/Cargo.toml
+++ b/crates/jrsonnet-parser/Cargo.toml
@@ -35,5 +35,5 @@
peg = "0.8.1"
-serde = { version = "1.0", features = ["derive", "rc"], optional = true }
+serde = { workspace = true, features = ["derive", "rc"], optional = true }
structdump = { version = "0.2.0", features = ["derive"], optional = true }
crates/jrsonnet-stdlib/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-stdlib/Cargo.toml
+++ b/crates/jrsonnet-stdlib/Cargo.toml
@@ -30,7 +30,7 @@
# Used for stdlib AST serialization
bincode = { version = "1.3", optional = true }
# Used both for stdlib AST serialization and std.parseJson/std.parseYaml
-serde = "1.0"
+serde.workspace = true
# std.md5
md5 = "0.7.0"
tests/Cargo.tomldiffbeforeafterboth--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -8,4 +8,4 @@
jrsonnet-evaluator.workspace = true
jrsonnet-gcmodule.workspace = true
jrsonnet-stdlib.workspace = true
-serde = "1.0.142"
+serde.workspace = true