oli/rdbms-playground
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
be7b0788782f55da6865b5bda7b42360ef4d7890
rdbms-playground/Cargo.toml
T
claude@clouddev1 9e2372b039 fix: migrate off unsound serde_yml to serde_norway 
serde_yml (RUSTSEC-2025-0068) and its libyml backend
(RUSTSEC-2025-0067) are archived, unsound, and unmaintained with no
patched version. Swap to serde_norway, the maintained serde_yaml fork
on unsafe-libyaml-norway — a drop-in for our from_str / to_string /
Value usage across persistence, undo, and the catalog parser.

Clears both advisories (cargo audit / osv-scanner / grype all clean;
serde_yml + libyml gone from the tree). No behaviour change; full
suite 2151/0/1.
2026-06-02 14:34:34 +00:00

59 lines
2.2 KiB
TOML
Raw Blame History

[package]
name = "rdbms-playground"
version = "0.1.0"
edition = "2024"
description = "A cross-platform TUI playground for learning relational databases."
license = "MIT OR Apache-2.0"
repository = "https://github.com/sturm/rdbms-playground"
readme = "README.md"
publish = false
[dependencies]
anyhow = "1.0.102"
# Native system-clipboard for the `copy` command (ADR-0041). Text
# only: `default-features = false` drops the heavy `image` crate. On
# Linux this is X11-only — `wayland-data-control` is deliberately
# omitted (it ~doubles the dep tree), as OSC 52 covers native-Wayland
# sessions and XWayland covers the rest.
arboard = { version = "3.6.1", default-features = false }
base64 = "0.22.1"
# `clock` brings local-timezone support (UTC → machine local) for
# the undo-dialog snapshot timestamp (issue #13). No locale feature:
# month names stay English; `unstable-locales` is deliberately avoided.
chrono = { version = "0.4.44", default-features = false, features = ["clock"] }
crossterm = { version = "0.29.0", features = ["event-stream"] }
csv = "1.4.0"
directories = "6.0.0"
futures-util = "0.3.32"
gethostname = "1.1.0"
rand = "0.10.1"
ratatui = "0.30.0"
rusqlite = { version = "0.39.0", features = ["backup", "bundled", "column_metadata"] }
serde = { version = "1.0.228", features = ["derive"] }
# Maintained fork of `serde_yaml` (the deprecated original). Replaces
# `serde_yml`, which was archived as unsound + unmaintained
# (RUSTSEC-2025-0068, and its `libyml` backend RUSTSEC-2025-0067).
serde_norway = "0.9.42"
sysinfo = { version = "0.39.0", default-features = false, features = ["system"] }
tokio = { version = "1.52.2", features = ["full"] }
tracing = "0.1.44"
tracing-subscriber = { version = "0.3.23", features = ["env-filter"] }
zip = { version = "5.1.1", default-features = false, features = ["deflate"] }
[dev-dependencies]
insta = { version = "1.47.2", features = ["yaml"] }
pretty_assertions = "1.4.1"
tempfile = "3.27.0"
[lints.rust]
unsafe_code = "forbid"
unreachable_pub = "warn"
[lints.clippy]
all = { level = "warn", priority = -1 }
nursery = { level = "warn", priority = -1 }
# Allow common false-positives that don't materially improve our code.
module_name_repetitions = "allow"
missing_errors_doc = "allow"
missing_panics_doc = "allow"
Reference in New Issue View Git Blame Copy Permalink