difftreelog
fix avoid problematic serde release
in: master
It doesn't work with the downstream nix users of jrsonnet, and may cause security issues. Upstream issue: https://github.com/serde-rs/serde/issues/2538
7 files changed
Cargo.tomldiffbeforeafterboth--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,6 +16,9 @@
jrsonnet-gcmodule = "0.3.6"
+# <= 1.0.171 due to serde-rs/serde#2538
+serde = { version = ">= 1.0.126, <= 1.0.171" }
+
#[profile.test]
#opt-level = 1
cmds/jrsonnet/Cargo.tomldiffbeforeafterboth--- a/cmds/jrsonnet/Cargo.toml
+++ b/cmds/jrsonnet/Cargo.toml
@@ -42,3 +42,5 @@
thiserror = "1.0"
clap = { version = "4.1", features = ["derive"] }
clap_complete = { version = "4.1" }
+serde_json = "1.0.104"
+serde = { workspace = true, features = ["derive"] }
crates/jrsonnet-evaluator/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-evaluator/Cargo.toml
+++ b/crates/jrsonnet-evaluator/Cargo.toml
@@ -47,7 +47,7 @@
# Friendly errors
strsim = { version = "0.10.0" }
-serde = "1.0"
+serde.workspace = true
anyhow = { version = "1.0", optional = true }
# Serialized stdlib
crates/jrsonnet-interner/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-interner/Cargo.toml
+++ b/crates/jrsonnet-interner/Cargo.toml
@@ -19,7 +19,7 @@
[dependencies]
jrsonnet-gcmodule.workspace = true
-serde = { version = "1.0", optional = true }
+serde = { workspace = true, optional = true }
structdump = { version = "0.2.0", optional = true }
rustc-hash = "1.1"
crates/jrsonnet-parser/Cargo.tomldiffbeforeafterboth--- a/crates/jrsonnet-parser/Cargo.toml
+++ b/crates/jrsonnet-parser/Cargo.toml
@@ -35,5 +35,5 @@
peg = "0.8.1"
-serde = { version = "1.0", features = ["derive", "rc"], optional = true }
+serde = { workspace = true, features = ["derive", "rc"], optional = true }
structdump = { version = "0.2.0", features = ["derive"], optional = true }
crates/jrsonnet-stdlib/Cargo.tomldiffbeforeafterboth1[package]2name = "jrsonnet-stdlib"3description = "jsonnet standard library packaged as crate"4version.workspace = true5repository.workspace = true6authors = ["Yaroslav Bolyukin <iam@lach.pw>"]7license = "MIT"8edition = "2021"910[features]11default = ["codegenerated-stdlib"]12# Speed-up initialization by generating code for parsed stdlib, instead13# of invoking parser for it14codegenerated-stdlib = ["jrsonnet-parser/structdump"]15# Enables legacy `std.thisFile` support, at the cost of worse caching16legacy-this-file = []17# Add order preservation flag to some functions18exp-preserve-order = ["jrsonnet-evaluator/exp-preserve-order"]19# Bigint type20exp-bigint = ["num-bigint", "jrsonnet-evaluator/exp-bigint"]2122exp-null-coaelse = ["jrsonnet-parser/exp-null-coaelse", "jrsonnet-evaluator/exp-null-coaelse"]2324[dependencies]25jrsonnet-evaluator.workspace = true26jrsonnet-macros.workspace = true27jrsonnet-parser.workspace = true28jrsonnet-gcmodule.workspace = true2930# Used for stdlib AST serialization31bincode = { version = "1.3", optional = true }32# Used both for stdlib AST serialization and std.parseJson/std.parseYaml33serde = "1.0"3435# std.md536md5 = "0.7.0"37# std.sha138sha1 = "0.10.5"39# std.sha256, std.sha51240sha2 = "0.10.6"41# std.sha342sha3 = "0.10.8"43# std.base6444base64 = "0.21.0"45# std.parseJson46serde_json = "1.0"47# std.parseYaml, custom library fork is used for C++/golang compatibility48serde_yaml_with_quirks = "0.8.24"4950num-bigint = { version = "0.4.3", optional = true }5152[build-dependencies]53jrsonnet-parser.workspace = true54structdump = { version = "0.2.0", features = ["derive"] }tests/Cargo.tomldiffbeforeafterboth--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -8,4 +8,4 @@
jrsonnet-evaluator.workspace = true
jrsonnet-gcmodule.workspace = true
jrsonnet-stdlib.workspace = true
-serde = "1.0.142"
+serde.workspace = true