-
-
Notifications
You must be signed in to change notification settings - Fork 0
fix(serializer): disable MsgpackSerializer and remove shamaton/msgpack dependency #95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,31 +2,44 @@ package serializer | |
|
|
||
| import ( | ||
| "github.com/hyp3rd/ewrap" | ||
| "github.com/shamaton/msgpack/v3" | ||
| ) | ||
|
|
||
| // MsgpackSerializer leverages `msgpack` to serialize the items before storing them in the cache. | ||
| // | ||
| // Deprecated: This serializer is now a shim and will be removed in a future release for security reasons. | ||
| // REF: https://github.com/shamaton/msgpack/pull/60 | ||
| // Please use the `Marshal` method of the `Serializer` interface instead. | ||
| type MsgpackSerializer struct{} | ||
|
Comment on lines
7
to
12
|
||
|
|
||
| // Marshal serializes the given value into a byte slice. | ||
| // @param v. | ||
| func (*MsgpackSerializer) Marshal(v any) ([]byte, error) { // receiver omitted (unused) | ||
| data, err := msgpack.Marshal(&v) | ||
| if err != nil { | ||
| return nil, ewrap.Wrap(err, "failed to marshal msgpack") | ||
| } | ||
| // | ||
| // Deprecated: This method is now a shim and will be removed in a future release for security reasons. | ||
| // REF: https://github.com/shamaton/msgpack/pull/60 | ||
| // Please use the `Marshal` method of the `Serializer` interface instead. | ||
| func (*MsgpackSerializer) Marshal(_ any) ([]byte, error) { // receiver omitted (unused) | ||
| // data, err := msgpack.Marshal(&v) | ||
| // if err != nil { | ||
| // return nil, ewrap.Wrap(err, "failed to marshal msgpack") | ||
| // } | ||
|
|
||
| return data, nil | ||
| // return data, nil | ||
| return nil, ewrap.New("msgpack serialization is deprecated and has been disabled for security reasons") | ||
| } | ||
|
Comment on lines
+20
to
28
|
||
|
|
||
| // Unmarshal deserializes the given byte slice into the given value. | ||
| // @param data | ||
| // @param v. | ||
| func (*MsgpackSerializer) Unmarshal(data []byte, v any) error { // receiver omitted (unused) | ||
| err := msgpack.Unmarshal(data, v) | ||
| if err != nil { | ||
| return ewrap.Wrap(err, "failed to unmarshal msgpack") | ||
| } | ||
| // | ||
| // Deprecated: This method is now a shim and will be removed in a future release for security reasons. | ||
| // REF: https://github.com/shamaton/msgpack/pull/60 | ||
| // Please use the `Unmarshal` method of the `Serializer` interface instead. | ||
| func (*MsgpackSerializer) Unmarshal(_ []byte, _ any) error { // receiver omitted (unused) | ||
| // err := msgpack.Unmarshal(data, v) | ||
| // if err != nil { | ||
| // return ewrap.Wrap(err, "failed to unmarshal msgpack") | ||
| // } | ||
|
|
||
| return nil | ||
| // return nil | ||
| return ewrap.New("msgpack deserialization is deprecated and has been disabled for security reasons") | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
go.mod removes
github.com/shamaton/msgpack/v3, but go.sum still contains checksums for it (e.g. lines 63-64). Please rungo mod tidy(or otherwise clean go.sum) so the dependency removal is reflected consistently.