near / borsh-rs

Rust implementation of Binary Object Representation Serializer for Hashing
https://borsh.io/
Apache License 2.0

Backport Vec<ZST> deserialisation fix to 0.10.x #305

Open mina86 opened 3 weeks ago

mina86 commented 3 weeks ago

Would it be possible to get commit e880d8786cb16aa9a3f258e7503932445d708df7 backported to the 0.10.x branch and released? Not all code bases have upgraded to 1.x yet, and now GitHub is complaining about a moderate security issue.

https://github.com/mina86/borsh-rs/tree/0.10.4 has all the necessary commits.

dj8yfo commented 2 weeks ago

@mina86 would it contradict your purpose to also bump MSRV to 1.66 in your branch and change the workspace syntax to the newer one (workspace.metadata.workspaces doesn't look to be normal anymore):

https://github.com/mina86/borsh-rs/blob/0.10.4/Cargo.toml#L11-L13
https://github.com/mina86/borsh-rs/blob/0.10.4/borsh/Cargo.toml#L3

to

https://github.com/near/borsh-rs/blob/master/Cargo.toml#L4-L7
https://github.com/near/borsh-rs/blob/master/borsh/Cargo.toml#L3

?

mina86 commented 2 weeks ago

I’m not sure what you mean. This is a backport, so I only care about the one commit that addresses the RUSTSEC vulnerability. I’m currently successfully using 0.10.3 in a bunch of projects, so keeping MSRV and the format of the Cargo.toml files as they are in 0.10.3 is perfectly fine by me.