search

chyh1990 / yaml-rust

A pure rust YAML implementation.
Apache License 2.0
601 stars 138 forks source link

bump linked hashmap to 5.3+ #162

Closed Dylan-DPC-zz closed 4 years ago

Dylan-DPC-zz commented 4 years ago

Older versions of linked-hashmap are unsound so it is better if this repository doesn't depend on those.

Advisory: https://github.com/RustSec/advisory-db/issues/298

If you need further guidance, you can consult the wg-secure-code on Rust Zulip

lopopolo commented 3 years ago

@chyh1990 is it possible to get a version with this fix deployed? The wide version range prevents yaml-rust and serde-yaml from compiling when generating a lockfile with -Z minimal-versions.

$ cargo +nightly generate-lockfile -Z minimal-versions
$ cargo build
$ cargo test
error[E0308]: mismatched types
   --> src/yaml.rs:620:9
    |
620 | /         assert_eq!(
621 | |             Some((Yaml::String("b".to_owned()), Yaml::Null)),
622 | |             iter.next()
623 | |         );
    | |__________^ expected enum `yaml::Yaml`, found `&yaml::Yaml`
    |
    = note: expected enum `Option<(yaml::Yaml, yaml::Yaml)>`
               found enum `Option<(&yaml::Yaml, &yaml::Yaml)>`
    = note: this error originates in a macro (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0308]: mismatched types
   --> src/yaml.rs:624:9
    |
624 | /         assert_eq!(
625 | |             Some((Yaml::String("a".to_owned()), Yaml::Null)),
626 | |             iter.next()
627 | |         );
    | |__________^ expected enum `yaml::Yaml`, found `&yaml::Yaml`
    |
    = note: expected enum `Option<(yaml::Yaml, yaml::Yaml)>`
               found enum `Option<(&yaml::Yaml, &yaml::Yaml)>`
    = note: this error originates in a macro (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0308]: mismatched types
   --> src/yaml.rs:628:9
    |
628 | /         assert_eq!(
629 | |             Some((Yaml::String("c".to_owned()), Yaml::Null)),
630 | |             iter.next()
631 | |         );
    | |__________^ expected enum `yaml::Yaml`, found `&yaml::Yaml`
    |
    = note: expected enum `Option<(yaml::Yaml, yaml::Yaml)>`
               found enum `Option<(&yaml::Yaml, &yaml::Yaml)>`
    = note: this error originates in a macro (in Nightly builds, run with -Z macro-backtrace for more info)

error: aborting due to 3 previous errors

For more information about this error, try `rustc --explain E0308`.
error: could not compile `yaml-rust`

To learn more, run the command again with --verbose.
warning: build failed, waiting for other jobs to finish...
error: build failed