
GHSA-hhw4-xg65-fp2x

Published: 15 Sep 2025
Source: github
GitHub: reviewed
CVSS4: 6.9

Description

serde_yml crate is unsound and unmaintained

Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound.

The GitHub project for serde_yml was archived after unsoundness issues were raised.

If you rely on this crate, it is highly recommended to switch to a maintained alternative.

Recommended alternatives

  • serde_norway - Maintained fork of serde_yaml, using unsafe-libyaml-norway
  • serde_yaml_ng - Maintained fork of serde_yaml, using unmaintained unsafe-libyaml

Incomplete pure Rust alternatives

These implementations do not rely on C libyaml.
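An added check, not part of the advisory: a POSIX shell script that scans a project's Cargo.lock for serde_yml and flags any locked version in the affected range (<= 0.0.12), which, since the advisory lists no fixed version, means every serde_yml entry. The Cargo.lock content below is constructed for the demo and the function names are this example's own.

```shell
# Added example, not part of the advisory: scan a Cargo.lock for serde_yml and
# flag any locked version in the affected range (<= 0.0.12); the advisory lists
# no fixed version, so every serde_yml entry is a finding.
MAX_AFFECTED="0.0.12"

# Constructed sample Cargo.lock (TOML; one [[package]] block per crate).
SAMPLE_LOCK='[[package]]
name = "serde_yml"
version = "0.0.12"

[[package]]
name = "serde_norway"
version = "0.9.42"'

# Print the locked version of every serde_yml package in the Cargo.lock on stdin
# (inside each block the name line precedes the version line).
serde_yml_versions() {
    awk '
        /^\[\[package\]\]/ { name = ""; ver = "" }
        /^name = /         { gsub(/"/, "", $3); name = $3 }
        /^version = /      { gsub(/"/, "", $3); ver = $3 }
        name == "serde_yml" && ver != "" { print ver; name = "" }
    '
}

# version_le A B: exit 0 if dotted version A <= B (component-wise numeric compare).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, "."); n = na > nb ? na : nb
        for (i = 1; i <= n; i++) {
            d = (x[i] + 0) - (y[i] + 0)   # absent components read as 0
            if (d != 0) exit (d > 0)
        }
        exit 0
    }'
}

# Read a Cargo.lock on stdin; exit 1 if an affected serde_yml version is locked.
check_lock() {
    status=0
    for v in $(serde_yml_versions); do
        if version_le "$v" "$MAX_AFFECTED"; then
            echo "FINDING: serde_yml $v is affected and has no fixed version; migrate to serde_norway or serde_yaml_ng" >&2
            status=1
        fi
    done
    return $status
}
# Demo on the constructed sample (in practice: check_lock < Cargo.lock).
printf '%s\n' "$SAMPLE_LOCK" | check_lock || true
```

Wire `check_lock < Cargo.lock` into CI so the job fails while the crate is still in the lockfile.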

Packages

Name: serde_yml
Ecosystem: rust
Affected versions: <= 0.0.12
Fixed version: none

CVSS4: 6.9 Medium

Weaknesses

CWE-787
