John Vandenberg
John Vandenberg
https://github.com/sdf-labs/dbt-serde-yaml is another alternative - it depends on `unsafe-libyaml`.
https://github.com/romnn/yaml-spanned based on https://crates.io/crates/libyaml-safer
I have created PR https://github.com/rustsec/advisory-db/pull/2397 for serde_yml (i.e. not serde_yaml which is PR https://github.com/rustsec/advisory-db/pull/2023 but has stalled)
https://crates.io/crates/serde-saphyr created recently.
Also https://github.com/saphyr-rs/saphyr/issues/66 suggests another crate coming.
I've tried [serde-saphyr](https://crates.io/crates/serde-saphyr), and it is by far the best so far of the crates which dont depend on libyaml under the hood. The parser in saphyr isnt as complete...
I've now played around with https://crates.io/crates/yaml-spanned 's serde support. Its API is a bit different, and not well documented, so here is an example: ```rust yaml_spanned::from_value::( &yaml_spanned::from_str(&string) .map_err(serde::de::Error::custom)? .into(), )...
yaml-spanned and its underlying https://github.com/simonask/libyaml-safer provide identical parsing/deserialisation to serde_yaml. However it doesnt provide `to_string`/serialisation. The workaround I went with is using `let json = json5::to_string(value)` , and then `yaml_rust2::YamlLoader::load_from_str(json)`...
I have created https://github.com/rustsec/advisory-db/pull/2459 I intentionally neglected to neither recommend serde_yaml forks with their own fork of unsafe-libyaml, like serde_norway, nor did I include them in the RUSTSEC as defective....
I've found the problem. https://mvnrepository.com/artifact/com.pinterest/ktlint ends up downloading the following files into the workspace ``` annotations-13.0.jar kotlin-script-runtime-1.9.10.jar ktlint-cli-reporter-baseline-1.0.0.jar ktlint-cli-reporter-sarif-1.0.0.jar mainClass buildSuccess kotlin-stdlib-1.9.10.jar ktlint-cli-reporter-checkstyle-1.0.0.jar ktlint-cli-ruleset-core-1.0.0.jar picocli-4.7.5.jar coordinates.txt kotlin-stdlib-common-1.9.0.jar ktlint-cli-reporter-core-1.0.0.jar ktlint-logger-1.0.0.jar poko-annotations-jvm-0.15.0.jar...