fix: migrate off unsound serde_yml to serde_norway

serde_yml (RUSTSEC-2025-0068) and its libyml backend
(RUSTSEC-2025-0067) are archived, unsound, and unmaintained with no
patched version. Swap to serde_norway, the maintained serde_yaml fork
on unsafe-libyaml-norway — a drop-in for our from_str / to_string /
Value usage across persistence, undo, and the catalog parser.

Clears both advisories (cargo audit / osv-scanner / grype all clean;
serde_yml + libyml gone from the tree). No behaviour change; full
suite 2151/0/1.
claude@clouddev1
2026-06-02 14:34:34 +00:00
parent c9a92c9c20
commit 9e2372b039
6 changed files with 27 additions and 30 deletions
+1 -1
@@ -281,7 +281,7 @@ fn read_version(body: &str) -> Result<u32, MigrateError> {
struct VersionOnly {
version: u32,
}
let v: VersionOnly = serde_yml::from_str(body).map_err(|e| {
let v: VersionOnly = serde_norway::from_str(body).map_err(|e| {
MigrateError::VersionParse(e.to_string())
})?;
Ok(v.version)
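Review bot: the `map_err` closure on the changed `from_str` line in `read_version` stores `e.to_string()` in `MigrateError::VersionParse`, so the message text now comes from serde_norway instead of serde_yml and its wording may differ even though the commit message states no behaviour change. Please confirm that no test or caller matches on that string, and that a test feeds `read_version` a body with a missing or non-integer `version` so this error path is exercised against the new parser.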