chore: release #146
I am hesitant to cut this release now as it resolves the RUSTSEC issue which might trigger many projects to upgrade borsh to 0.11.1 version and they might fall into the trap of a more severe issue: #138 (comment) (some solution is needed).
P.S. It is weird that release-plz suggests cutting 0.12.0 instead of 0.11.1 and dumps too many records to the CHANGELOG (again). These should also be investigated.
46b31cc to 68adce5
It is possible to delay resolving the RustSec issue. It is a manual process after all. But I'm not sure if I understand why we would want to delay the release of #138
#138 changes the serialisation format, and updating to a borsh release with it can silently break the code. The usual solution for a security fix would be to have point releases for affected versions. I have a rather brutal opinion of #138. I believe it should have never been merged and that at this point the best course of action is to revert it and yank the 0.11 release. Then, this security fix can be cherry-picked and released as 0.10.1.
One option is to add
2757d9f to f158906
@dj8yfo Your updates to the PR look great, and I only want to ask you to update it with the information about the following ones:
- (breaking?) refactor!: Unsplit and removal of *-internal crates #185 (just merged)
- (breaking) Add `#[borsh(use_discriminant = <bool>)]` that changes enum discriminant de- and serialization behavior #148 #183
P.S. And resolve the merge conflict 🙏
f158906 to 76158a0
I'll take care of the RUSTSEC issue as soon as this gets stable :)
🤖 New release
- borsh: 0.11.0 -> 1.0.0-alpha.1
- borsh-derive: 0.11.0 -> 1.0.0-alpha.1
- borsh-derive-internal: 0.11.0 -> 1.0.0-alpha.1
- borsh-schema-derive-internal: 0.11.0 -> 1.0.0-alpha.1
Changelog
borsh
This PR was generated with release-plz and semi-automatically with @dj8yfo.