-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid using JSON internally #139
Comments
Are there any REAL problems with the library? Are there any bugs or security issues with it? An alternative wold be to get rid of the json library alltogether. |
Pull requests are welcome ;) |
It contains undefined behaviour if https://rustsec.org/advisories/RUSTSEC-2022-0081 lists some alternatives,
Sounds like a viable solution as well, I'll try to look into it in the near future. |
I will keep the issue open as there is really no need for any json library. We should just remove it. |
Certainly, I don’t have enough time to spend on it to understand what’s happening there and do proper refactoring. |
json
dependency that is unmaintained and unsound
Describe the bug you encountered:
Cargo-deny reports several issues when adding this crate to the tree. One of them is related tojson
crate that is unmaintained and unsound.It'd be welcome if this crate could migrate to one of alternatives listed in the advisory.
The
json
crate is no longer used, but the JSON format is still unnecessarily used and should be refactored away.What did you expect to happen instead?
Clean report from cargo-deny.
How did you install
pyroscope-rs
?Added it as a dependency to one of the crates in the project.
version:
pyroscope 0.5.7
os: Ubuntu 22.04
The text was updated successfully, but these errors were encountered: