This minor release addresses a security flaw that leaked uninitialized memory through struct padding. The fix required an API change for resolving, but should have no performance impacts. Thanks to @as-com for reporting the issue.
Note that ArchiveCopy types may still leak uninitialized memory in their padding bytes, and should be avoided on types that contain large blocks of padding. In practice, this is usually only an issue for enums. You can still use these types safely by removing #[archive(copy)].
v0.5.2
This minor release fixes an issue with AlignedVec that caused its Drop implementation not to deallocate memory.
v0.5.1
This minor release provides more flexible serialization for BufferSerializer and adds AlignedSerializer, a new higher-performance serializer. It also cleans up some documentation and moves a few things around for tidiness.
v0.5.0
Version 0.5 brings bugfixes, ergonomics improvements, and new features:
#86 Type bounds for serialization and deserialization can now be specified with #[archive(bound(serialize = "...", deserialize = "..."))]
#73 Inlining is now performed more aggressively, which leads to considerable performance gains on average
#96 Switching unreachable! to unreachable_unchecked should give a few small performance gains
#68PartialEq and PartialOrd can now be implemented between original and archived types with #[archive(compare(PartialEq, PartialOrd))]
#82 A number of issues with derives have been fixed after a refactor and cleanup pass
#95 Safety documentation has been normalized and clarified
#93 Const generics support has been enabled by default. It can be turned off for compatibility with older versions by removing the const_generics default feature
#91 A few existing functions have been renamed to clarify what they do and their relationships to other types
#92 Helper functions have been added to get root objects without storing position
Thanks to everyone who provided suggestions and pull requests!
v0.4.3
This release brings a few small features and a bugfix:
The AlignedVec helper has been added, making it easier to ensure that byte buffers are properly aligned when accessing and deserializing. Docs have been updated to use AlignedVec where needed. Note that Vec is still perfectly fine for serializing and writing.
Debug assertions have been added to archived_value and related functions to ensure that the buffer provided is properly aligned for the root type. This doesn't ensure that the entire buffer is properly aligned for all types inside it, use check_archive to ensure that.
#89 An issue with deserializing 0-length slices, strings, and vectors has been fixed. This doesn't seem to have occurred under the default allocator but could with jemalloc and others.
v0.4.2
This release includes a few minor features and a bugfix:
#83 (possibly) Archive alignments are now validated along with type alignments
#81 Adds an Archive implementation for core::time::Duration
#79 Adds the Infallible type to make it easier to deserialize types that cannot fail
v0.4.1
This hotfix update fixes no_std support and some dependency issues in the test crate that were preventing it from being properly tested.
v0.4.0
This release changes some major APIs and adds shared pointer support:
#32 Introduces new context traits in place of the previous context struct.
#33 Allows serialization parameterization over the type of the serializer, allowing users to choose the complexity of their serializers and create their own.
#34 Renames Unarchive to Deserialize.
#35 Splits Archive into Serialize to allow a clean hierarchy while still enabling parameterization.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/only-cliches/NoProto/network/alerts).
Bumps rkyv from 0.3.0 to 0.6.0.
Release notes
Sourced from rkyv's releases.
... (truncated)
Commits
ec83f7cRelease 0.6.058f3b6cFix tests and a few warnings6d739a1Clean up some docs235dea0Format and appease clippy2e6252cAdd a one-shot bench binary for testingbd47681Fix array serialization for ZSTs9c65ae9Fix more sneaky uninitialized memory issuesf141b56Zero aligned memory before resolvinga55122fFix rkyv_dyn and examplesb07ca5cGet derive macros working againDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/only-cliches/NoProto/network/alerts).