Open backspace opened 2 months ago
@backspace Not sure how I missed this issue, thanks for bringing it to my attention. I will check this out to see if we are affected by the bug or not, and will release a new version with updated dependencies. Regarding it being a breaking change, I don't believe so. lexical is not directly exposed to the end user and is only used internally, so it should be safe to upgrade or replace.
@backspace I took a look into it today, and it looks like we might not be affected by the bug. But I think it would still make sense to dump lexical, since it looks unmaintained.
Replacing integer parsing with `atoi` was straightforward, and I've already implemented that, replacing float parsing on the other hand, was not. Rust doesn't provide direct ASCII `&[u8]` to `f32`|`f64` parsing and we will need to perform UTF-8 checking and get a `str` first. I believe that would not be wise to do, since float parsing does not require such implications to work, at least as far as I know. Do you have any idea how we can get around that, considering we don't actually know if the provided bytes slice is valid UTF-8?
> Do you have any idea how we can get around that
I’m sorry, I don’t! I’m too new to Rust to be of help 😞
@backspace Thanks a lot for the report, that was more than enough buddy, no worries. I pushed a commit today and will hopefully release it soon.
Hey, thanks for your work on this, I used it in an Axum application where I was receiving duplicate query parameters and your library could handle it, unlike the built-in extractor.
I’ve been getting security audit errors about the dependency on `lexical`:

I’m pretty new to Rust and not that confident about attempting the suggested alternatives, but I could give it a try if you don’t have capacity. I assume this would be a breaking change 🤔
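
The float-parsing question raised in the thread above, sketched with only the Rust standard library. This is an added example, not the library's own code and not the commit the maintainer pushed; `parse_f64_bytes` and `FloatBytesError` are hypothetical names, and the sample inputs are constructed. It goes through the safe `str::from_utf8` instead of assuming the bytes are valid.

```rust
use std::str;

/// Why an untrusted byte slice could not be parsed as a float.
#[derive(Debug, PartialEq)]
pub enum FloatBytesError {
    Empty,
    NotAscii,
    Invalid,
}

/// Parse an `f64` from bytes whose encoding is unknown (e.g. a raw query value).
pub fn parse_f64_bytes(bytes: &[u8]) -> Result<f64, FloatBytesError> {
    if bytes.is_empty() {
        return Err(FloatBytesError::Empty);
    }
    // Every float literal std accepts is pure ASCII, so a byte >= 0x80
    // can be rejected before any parsing work is done.
    if !bytes.is_ascii() {
        return Err(FloatBytesError::NotAscii);
    }
    // ASCII is always valid UTF-8, so the safe, checked conversion succeeds
    // here and `from_utf8_unchecked` (unsafe) is never needed.
    let s = str::from_utf8(bytes).map_err(|_| FloatBytesError::NotAscii)?;
    // `str::parse` rejects whitespace and trailing garbage.
    s.parse::<f64>().map_err(|_| FloatBytesError::Invalid)
}

fn main() {
    // Constructed sample inputs.
    let samples: [&[u8]; 5] = [b"1.5", b"-2e3", b"\xff1.5", b"1.5abc", b""];
    for raw in samples {
        println!("{:?} -> {:?}", raw, parse_f64_bytes(raw));
    }
}
```
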