Serde crate showing question mark

[schoenenberg]

Hi,
i just have installed cargo-geiger to see, which of my dependencies contain unsafe code and I found the serde crate (1.0.117) with a question mark, although it contains #[forbid(unsafe_code)] (see https://github.com/serde-rs/serde/blob/master/serde/src/lib.rs#L139).

I am not sure if this was already reported. Please close this if this is a duplicate..

Best regards,
Maximilian

[anderejd]

Thanks for the report!

This could be related to #116

[pinkforest]

Looking at serde 1.0.117 -

serde/src/lib.rs:#![forbid(unsafe_code)]
test_suite/tests/test_ser.rs:    let path = unsafe { str::from_utf8_unchecked(b"Hello \xF0\x90\x80World") };
test_suite/no_std/src/main.rs:    unsafe {

Yes we will have to manage test suite / dev dep handling differently.

Just curiosity wise as well unrelated to this error -

serde has unsafe as of now

src/ser/impls.rs: serializer.serialize_str(unsafe { str::from_utf8_unchecked(&buf[..written]) })

0/0        4/4          0/0    0/0     0/0      !  ├── serde 1.0.133

Action(s) To Resolve The Issue

• Figure out the better way to report on development dependencies separately
• Document the approach chosen