-
-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support Aeson 2 #1475
support Aeson 2 #1475
Conversation
dependecy with swagger2should we use openAPI3 instead? #1470
|
Do we really need to force aeson >= 2? |
We could perhaps CPP magic a bit to also support older versions. however given Servant actually parses untrusted input from the network, thus is one of the few actual libraries where the aeson vulnerability is actually a vulnerability. I think forcing users to switch to Aeson 2.0 is not a bad idea. However this might require us also doing a major version bump. |
Maybe it is a bit early to require aeson 2 or more, but we should do it at some point. |
Indeed, these kinds of migrations can take some time to ripple throughout the ecosystem. Let's require 2.1 in the future. |
Hi! What's the status here? Having servant version that supports |
@akhesaCaro and others: Does this require more than a revision to the servant packages? To simply support aeson 2.x, that is, as opposed to having it as the min bound. |
swagger2 now only supports |
Hmm https://github.com/haskell-servant/servant-swagger should probably bump the |
Yes it is planned to merge servant-swagger into the monorepo, but as I said, I was waiting for them to bump aeson. It is done since a few days. I just need some times to finish this PR. |
@akhesaCaro would it make sense to move |
@maksbotan I think it would make sense to move servant-openapi3 into the servant repo but the repo isn't owned by servant so I don't have any rights on it and it isn't in the scope of this PR imho. |
Now Jose is not happy
|
And now base64-bystestring
|
Code needs to be fixed :
|
3e2f28c
to
0f160b8
Compare
servant-swagger is not happy against older GHC (8.6.5 for instance) : I thought I would be able to bump aeson without migrating servant-swagger into this repo but it seems that I dont have the choice :)
|
Moving servant-swagger into this repo : #1483 |
7d3fd44
to
bfc4323
Compare
Could we perhaps allow aeson < 2 and >= 2, with a bit of CPP? #if MIN_VERSION_aeson(2,0,0)
import qualified Data.Aeson.KeyMap as KM
#else
import qualified Data.HashMap.Strict as KM
#endif
... KM.lookup ... |
201b8f2
to
7893659
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
(Just make sure we don't merge the "messy" commit history of this branch.)
Fixes : #1467 (for aeson)
Following : #1404 (for servant-swagger moving)
Tasks
Bump Aeson
Data.Map
instead ofData.HashMap.Strict
)Move servant-swagger into this repo
servant-swagger
into the repo because it needed to bump aeson2 (and it easier than making a release). Needed bounds with aeson2