Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Serde crate showing question mark #137

Open
schoenenberg opened this issue Nov 10, 2020 · 2 comments
Open

Serde crate showing question mark #137

schoenenberg opened this issue Nov 10, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@schoenenberg
Copy link

schoenenberg commented Nov 10, 2020

Hi,
i just have installed cargo-geiger to see, which of my dependencies contain unsafe code and I found the serde crate (1.0.117) with a question mark, although it contains #[forbid(unsafe_code)] (see https://github.com/serde-rs/serde/blob/master/serde/src/lib.rs#L139).

I am not sure if this was already reported. Please close this if this is a duplicate..

Best regards,
Maximilian

@anderejd
Copy link
Contributor

Thanks for the report!

This could be related to #116

@pinkforest
Copy link
Collaborator

Looking at serde 1.0.117 -

serde/src/lib.rs:#![forbid(unsafe_code)]
test_suite/tests/test_ser.rs:    let path = unsafe { str::from_utf8_unchecked(b"Hello \xF0\x90\x80World") };
test_suite/no_std/src/main.rs:    unsafe {

Yes we will have to manage test suite / dev dep handling differently.

Just curiosity wise as well unrelated to this error -

serde has unsafe as of now

src/ser/impls.rs: serializer.serialize_str(unsafe { str::from_utf8_unchecked(&buf[..written]) })

0/0        4/4          0/0    0/0     0/0      !  ├── serde 1.0.133

Action(s) To Resolve The Issue

  • Figure out the better way to report on development dependencies separately
  • Document the approach chosen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants