serde-yaml
Strongly typed YAML library for Rust (by dtolnay)
advisory-db
Security advisory database for Rust crates published through crates.io (by rustsec)
serde-yaml | advisory-db | |
---|---|---|
14 | 37 | |
928 | 859 | |
- | 2.3% | |
8.0 | 9.3 | |
about 1 month ago | 5 days ago | |
Rust | ||
Apache License 2.0 | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
serde-yaml
Posts with mentions or reviews of serde-yaml.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-26.
- Serde-YAML for Rust has been archived
- YAML decoder for rust discontinued do to maintainer "not using YAML anymore"
-
Project idea: port markdownlint to Rust
Either https://github.com/chyh1990/yaml-rust or https://github.com/dtolnay/serde-yaml for parsing the YAML config file that markdownlint uses
-
A question for all those that use Python
Serde for most of your input and output formats, with the serde-yaml and csv crates for format backends.
-
Why do we need configuration? Creating and handling configuration files in Rust
serde_yaml
-
Introduction to Rust generics [1/2]: Traits
This is especially useful for data deserialization: Just by implementing the Serialize and Deserialize traits from the serde crate, the (almost) universally used serialization library in the Rust world, we can then serialize and deserialize our types to a lot of data formats: JSON, YAML, TOML, BSON and so on...
-
Weird error only on android: "this struct takes 3 generic arguments but 2 generic arguments were supplied" for serde_json
FYI, I opened pull requests for serde_json and serde_yaml to explicitly enable indexmap/std, and dtolnay already merged and published them both!
-
anyone using rust in production? what do you do?
Pair that with Serde for serialization/deserialization (JSON, TOML, YAML, CSV/TSV, XML, URL query strings, etc.), Figment for configuration, and ignore for filesystem traversal with blacklist support, and Rust is a real joy for writing CLI utilities.
-
Walking a Yaml to file to Build an abstract syntax tree
I see that are packages like https://github.com/dtolnay/serde-yaml and the parser where serde is built on that give a Yaml representation, but I don't see any way to walk through it in a generic way with a Visitor.
-
Getting Started with Hippo - a WebAssembly PaaS (Part 3)
With the understanding we’ve built of the runtime environment, I feel ready to start porting a simple CLI I’ve built in Rust to run in WebAssembly as a service hosted in Hippo. [The project we’ll start with is J2Y(https://github.com/smurawski/j2y/tree/1-getting-started) – which is a little Rust application that converts JSON to YAML or YAML to JSON. We’ll adapt this to, depending on the target, either be a CLI or a WebAssembly binary to run in WAGI. The heavy lifting of the conversion is done by the serde-json and the serde-yaml crates.
advisory-db
Posts with mentions or reviews of advisory-db.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-26.
- Serde-YAML for Rust has been archived
- When Zig is safer and faster than Rust
-
Advisory: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
You might also want to add this to https://github.com/rustsec/advisory-db so that cargo audit and Dependabot surface it.
-
"This type of secure-by-default functionality is why we love Go"
The behavior of not extracting outside the specified directory has been the default since forever in Rust's tar. And then it had two RUSTSEC advisories for not handling this correctly in certain corner cases. The latest one in 2021.
-
greater supply chain attack risk due to large dependency trees?
cargo-audit only checks for known issues reported to a vulnerability database.
- capnproto-rust: out-of-bound memory access bug
-
`cargo audit` can now scan compiled binaries
However, I keep getting this error when running cargo audit bin ~/.cargo/bin/*, even if I replace * with a specific binary: Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 467 security advisories (from C:\Users\jonah\.cargo\advisory-db) Updating crates.io index error: I/O operation failed: The system cannot find the path specified. (os error 3) I'm on Windows 10.
-
MIA Github Assignee on very minor PR
I usually open an issue asking if the crate is still maintained. If there isn't a response for a decent amount of time (like multiple months) and the crate is somewhat popular then it could be worth opening an unmaintained advisory in the advisory-db
-
RustSec Advisory Database Visualization
Here is the visualization of RustSec Advisory Database. I hope it will be helpful. If you need any more charts, feel free to comment.
-
Github Dependency graph adds vulnerability alerting support for Rust
FWIW the RustSec database is still not synced into the Github databse on a regular basis, even though they did an initial import of it. So the cargo audit github action is still relevant.
What are some alternatives?
When comparing serde-yaml and advisory-db you can also consider the following projects:
yaml-rust - A pure rust YAML implementation.
cargo-deny - ❌ Cargo plugin for linting your dependencies 🦀
libyaml-rust - LibYAML bindings for Rust
chrono - Date and time library for Rust
json - Strongly typed JSON library for Rust
vulndb - [mirror] The Go Vulnerability Database
serde - Serialization framework for Rust
rustsec - RustSec API & Tooling
toml-rs - A TOML encoding/decoding library for Rust
Rudra - Rust Memory Safety & Undefined Behavior Detection
stfu8 - Sorta Text Format in UTF-8
dwflist - The DWF IDs