search

zombodb / zombodb

Making Postgres and Elasticsearch work together like it's 2023
https://www.zombodb.com/
Other
4.68k stars 212 forks source link

serde_cbor is unmaintained #728

Open alekitto opened 2 years ago

alekitto commented 2 years ago

This project still uses serde_cbor which has been abandoned by its author and its repository has been archived. Unfortunately that library sometimes fails to decode valid cbor streams, which is the cause of errors like the one reported on #643.

This is not an issue right now as supported ES versions produce outputs decodable from the library, but potentially could be in the future.

The author proposed two alternatives:

RUSTSEC-2021-0127

eeeebbbbrrrr commented 2 years ago

Thanks for the heads-up on this. It's clearly something I hadn't realized. We probably need to fix up pgx as well.

eeeebbbbrrrr commented 2 years ago

Circling back to this... I spent some time many months ago looking into minicbor and ciborium and they failed pretty quickly with ZDB. I suppose either they're not perfect cbor impls or ES is sending something incorrect that serde_cbor can handle.

I'm not exactly sure what to do. I once considered just taking over serde_cbor maintenance, but at the end of the day, I don't have time to maintain it.