Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update simd-json to remove security vulnerability #757

Merged
merged 1 commit into from
Sep 18, 2024

Conversation

jeffcharles
Copy link
Collaborator

Description of the change

Updating simd-json to a version that does not use lexical-core.

I've also performed some additional sanity testing and it does not look like this breaks JSON behaviour.

Why am I making this change?

To resolve https://github.com/bytecodealliance/javy/security/dependabot/49.

Checklist

  • I've updated the relevant CHANGELOG files if necessary. Changes to javy-cli and javy-core do not require updating CHANGELOG files.
  • I've updated the relevant crate versions if necessary. Versioning policy for library crates
  • I've updated documentation including crate documentation if necessary.

@saulecabrera
Copy link
Member

A new javy (the crate) release might make sense after this PR lands?

@jeffcharles
Copy link
Collaborator Author

Yeah I can do that

@jeffcharles jeffcharles merged commit f1f25ed into main Sep 18, 2024
7 checks passed
@jeffcharles jeffcharles deleted the jc.update-simdjson branch September 18, 2024 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants