New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace unmaintained cbor implementation #587
Comments
rustc-serialize 0.3.20 is the oldest version that compiles, for future reference. |
In addition to replacing cbor we also need |
Since it's only used in test I think just using
Security vulnerabilities shouldn't be a problem unless they start needlessly annoying people using
No, that's actually our |
I think we need to move away from cbor, because right now we cannot compile this library with |
I'm pretty skeptical of using |
Actually we can if we rename
Yeah, while it's annoying to have to test multiple formats it seems to be the least bad solution. |
I noticed when trying to check minimal dependency versions that cbor depends on rustc_serialize 0.3.0 (lol) which doesn't compile. rustc_serialize 0.3.24 does compile, so there is no problem, except when you try to use
-Z minimal-versions
.However apparently, cbor has been unmaintained for the last 4 years.. Furthermore, its replacement
serde_cbor
has been unmaintained for 18 months. So maybe we need to move away from it anyway.It looks like a good replacement would be minicbor but I haven't investigated yet. Noting for later.
The text was updated successfully, but these errors were encountered: