From c4778596cd3f3b1001ca35bd6960fc1b139746ea Mon Sep 17 00:00:00 2001
From: Piotr Orzechowski <piotr@orzechowski.tech>
Date: Wed, 27 Mar 2024 07:35:35 +0100
Subject: [PATCH] Switch from yaml-rust to yaml-rust2 dependency

This is because yaml-rust is unmaintained and thus has been reported in
[RUSTSEC-2024-0320](https://rustsec.org/advisories/RUSTSEC-2024-0320).

Signed-off-by: Piotr Orzechowski <piotr@orzechowski.tech>
---
 Cargo.lock                | 75 +++++++++++++++++++++++++++++++++------
 Cargo.toml                |  4 +--
 README.md                 |  2 +-
 src/file/format/mod.rs    |  2 +-
 src/file/format/yaml.rs   |  2 +-
 tests/file_yaml.rs        |  3 +-
 tests/legacy/file_yaml.rs |  3 +-
 7 files changed, 71 insertions(+), 20 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 075c8a85..a1940446 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -17,6 +17,24 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
+[[package]]
+name = "ahash"
+version = "0.8.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "version_check",
+ "zerocopy",
+]
+
+[[package]]
+name = "allocator-api2"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5"
+
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@@ -32,6 +50,12 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "arraydeque"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d902e3d592a523def97af8f317b08ce16b7ab854c1985a0c671e6f15cebc236"
+
 [[package]]
 name = "async-trait"
 version = "0.1.74"
@@ -169,7 +193,7 @@ dependencies = [
  "tokio",
  "toml",
  "warp",
- "yaml-rust",
+ "yaml-rust2",
 ]
 
 [[package]]
@@ -531,6 +555,19 @@ name = "hashbrown"
 version = "0.14.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156"
+dependencies = [
+ "ahash",
+ "allocator-api2",
+]
+
+[[package]]
+name = "hashlink"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7"
+dependencies = [
+ "hashbrown 0.14.2",
+]
 
 [[package]]
 name = "headers"
@@ -771,12 +808,6 @@ version = "0.2.149"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b"
 
-[[package]]
-name = "linked-hash-map"
-version = "0.5.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.4.10"
@@ -2123,10 +2154,32 @@ dependencies = [
 ]
 
 [[package]]
-name = "yaml-rust"
-version = "0.4.5"
+name = "yaml-rust2"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85"
+checksum = "498f4d102a79ea1c9d4dd27573c0fc96ad74c023e8da38484e47883076da25fb"
 dependencies = [
- "linked-hash-map",
+ "arraydeque",
+ "encoding_rs",
+ "hashlink",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.7.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.7.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index ca49961d..b47d3eb5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ maintenance = { status = "actively-developed" }
 [features]
 default = ["toml", "json", "yaml", "ini", "ron", "json5", "convert-case", "async"]
 json = ["serde_json"]
-yaml = ["yaml-rust"]
+yaml = ["yaml-rust2"]
 ini = ["rust-ini"]
 json5 = ["json5_rs", "serde/derive"]
 convert-case = ["convert_case"]
@@ -32,7 +32,7 @@ nom = "7"
 async-trait = { version = "0.1", optional = true }
 toml = { version = "0.8", optional = true }
 serde_json = { version = "1.0", optional = true }
-yaml-rust = { version = "0.4", optional = true }
+yaml-rust2 = { version = "0.8", optional = true }
 rust-ini = { version = "0.20", optional = true }
 ron = { version = "0.8", optional = true }
 json5_rs = { version = "0.4", optional = true, package = "json5" }
diff --git a/README.md b/README.md
index 7d35fab4..58a59c3f 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@
 
 [JSON]: https://github.com/serde-rs/json
 [TOML]: https://github.com/toml-lang/toml
-[YAML]: https://github.com/chyh1990/yaml-rust
+[YAML]: https://github.com/Ethiraric/yaml-rust2
 [INI]: https://github.com/zonyitoo/rust-ini
 [RON]: https://github.com/ron-rs/ron
 [JSON5]: https://github.com/callum-oakley/json5-rs
diff --git a/src/file/format/mod.rs b/src/file/format/mod.rs
index 025e98a9..76489d4f 100644
--- a/src/file/format/mod.rs
+++ b/src/file/format/mod.rs
@@ -40,7 +40,7 @@ pub enum FileFormat {
     #[cfg(feature = "json")]
     Json,
 
-    /// YAML (parsed with yaml_rust)
+    /// YAML (parsed with yaml_rust2)
     #[cfg(feature = "yaml")]
     Yaml,
 
diff --git a/src/file/format/yaml.rs b/src/file/format/yaml.rs
index b35ba4d9..63189c7a 100644
--- a/src/file/format/yaml.rs
+++ b/src/file/format/yaml.rs
@@ -2,7 +2,7 @@ use std::error::Error;
 use std::fmt;
 use std::mem;
 
-use yaml_rust as yaml;
+use yaml_rust2 as yaml;
 
 use crate::format;
 use crate::map::Map;
diff --git a/tests/file_yaml.rs b/tests/file_yaml.rs
index b961c2a6..80cf461c 100644
--- a/tests/file_yaml.rs
+++ b/tests/file_yaml.rs
@@ -85,8 +85,7 @@ fn test_error_parse() {
     assert_eq!(
         res.unwrap_err().to_string(),
         format!(
-            "while parsing a block mapping, did not find expected key at \
-         line 2 column 1 in {}",
+            "simple key expect ':' at byte 21 line 3 column 1 in {}",
             path_with_extension.display()
         )
     );
diff --git a/tests/legacy/file_yaml.rs b/tests/legacy/file_yaml.rs
index 21d41384..9d438a35 100644
--- a/tests/legacy/file_yaml.rs
+++ b/tests/legacy/file_yaml.rs
@@ -85,8 +85,7 @@ fn test_error_parse() {
     assert_eq!(
         res.unwrap_err().to_string(),
         format!(
-            "while parsing a block mapping, did not find expected key at \
-         line 2 column 1 in {}",
+            "simple key expect ':' at byte 21 line 3 column 1 in {}",
             path_with_extension.display()
         )
     );