Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Report json as unmaintained #1536

Merged
merged 6 commits into from
Jan 19, 2023
Merged

Conversation

ecton
Copy link
Contributor

@ecton ecton commented Jan 18, 2023

A thread on Reddit yesterday led me to investigate a few different JSON crates in the ecosystem. One of the most popular ones beyond serde-json that reported fast benchmarks is json. I investigated it and discovered users have asked if the project is abandoned without reponse. Given how popular this crate appears to be given the recent downloads, I felt an unmaintained advisory was warranted.

Scanning the issues list, I also found this issue that may introduce undefined behavior. This triggers a Miri error under the stacked borrows model, but I'm not sure if that's enough to warrant a mention in the advisory or not.

@ecton ecton force-pushed the json-unmaintained branch from d9a499b to b896e66 Compare January 18, 2023 16:23
@pinkforest pinkforest added the Unmaintained Informational / Unmaintained label Jan 19, 2023
@pinkforest
Copy link
Contributor

pinkforest commented Jan 19, 2023

Hey ecton thanks a lot for the contribution :) I gotta just align the date to when it's reported as we align to to other security database standard on that + refer to the soudness issue 🥳

btw I found there was also: https://crates.io/crates/simd-json

@pinkforest pinkforest merged commit 1e33429 into rustsec:main Jan 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Unmaintained Informational / Unmaintained
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants