This repository has been archived by the owner on May 16, 2023. It is now read-only.

Security critical depends #111

Closed
johan-smits opened this issue Sep 14, 2022 · 1 comment

Comments

@johan-smits
Contributor

When you run cargo audit on the current master branch you get these vulnerabilities:

Crate:     rustc-serialize
Version:   0.3.24
Title:     Stack overflow in rustc_serialize when parsing deeply nested JSON
Date:      2022-01-01
ID:        RUSTSEC-2022-0004
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0004
Solution:  No fixed upgrade is available!
Dependency tree:
rustc-serialize 0.3.24
└── rustc-test 0.3.1
    └── go_to_rust 0.1.1
        └── aws_lambda_events_codegen 0.1.2

Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
├── rustc-test 0.3.1
│   └── go_to_rust 0.1.1
│       └── aws_lambda_events_codegen 0.1.2
└── chrono 0.4.22
    └── aws_lambda_events 0.7.0

One can be solved with #110, but the others cannot.

The project rustc-serialize is archived, so I don't know how to solve this. But since it is only used during generation, it is not so bad?
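As an added example (not code from this repository), a small Python triage script for the report format `cargo audit` prints above: it marks each advisory as fixable or not from its Solution line and checks whether every dependency chain ends in a crate you treat as development-only; `dev_only_roots` is an assumed input you supply, and the embedded report is constructed from the two findings in this issue.

```python
import re

# Constructed from the two findings quoted in this issue, trimmed to the fields used.
SAMPLE_REPORT = """\
ID:        RUSTSEC-2022-0004
Solution:  No fixed upgrade is available!
Dependency tree:
rustc-serialize 0.3.24
└── rustc-test 0.3.1
    └── go_to_rust 0.1.1
        └── aws_lambda_events_codegen 0.1.2

ID:        RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
├── rustc-test 0.3.1
│   └── go_to_rust 0.1.1
│       └── aws_lambda_events_codegen 0.1.2
└── chrono 0.4.22
    └── aws_lambda_events 0.7.0
"""

# Indent prefix (4 characters per level), then the crate name and its version.
TREE_LINE = re.compile(r"^([│ ]*)[└├]── (\S+) \S+$")

def parse_report(text):
    """One dict per advisory: its 'Key: value' fields plus 'roots', the crates ending each chain."""
    findings = []
    for block in text.strip().split("\n\n"):
        fields, nodes, in_tree = {}, [], False
        for line in block.splitlines():
            if in_tree:
                if m := TREE_LINE.match(line):  # first tree line is the vulnerable crate
                    nodes.append((len(m.group(1)) // 4, m.group(2)))
            elif line.startswith("Dependency tree:"):
                in_tree = True
            else:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        # A node with nothing indented beneath it ends a chain.
        fields["roots"] = {n for i, (d, n) in enumerate(nodes)
                           if i + 1 == len(nodes) or nodes[i + 1][0] <= d}
        findings.append(fields)
    return findings

def triage(text, dev_only_roots):
    """(ID, fixable, reachable only via dev-time crates); fixable means 'Upgrade to <req>'."""
    return [(f["ID"], f["Solution"].startswith("Upgrade to"),
             f["roots"] <= dev_only_roots) for f in parse_report(text)]
```

Run `cargo audit` without `--json` and pass its output as `text`; a True third field means the only consumers are crates in `dev_only_roots`, which is the judgement call made later in this thread.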

@calavera
Owner

Thanks for opening this ticket!

aws_lambda_events_codegen is only used for development, and barely utilized these days. I'm ok with taking that risk. I'm closing this issue as fixed now that #110 has been merged and could impact users. I'll release a patch version later today with the fix.
