Add ability to disable lexical dep #7752
Comments
It's fine to switch to
It's a relatively small patch. How about we provide both options (remove the dep completely vs make it optional) and you can choose?
Who chooses? Removing dep completely is fine, but I'm not sure what you are saying
Oh, I was saying that the patch to make it optional is not much more complicated and you can choose which PR to land after looking at them: whether to land the one making it optional or the one removing it completely. But if you strongly prefer removing the dep we can just do that.
I've sent two pull requests:
You can decide which approach you prefer.
This PR replaces the current usage of lexical within the swc_ecma_parser crate with equivalent parsing of large numbers using BigInt.
**Description:**
As discussed in #7752, lexical contains a number of soundness issues but doesn't appear to be actively supported. Given the relatively low integration surface it seems reasonable to replace the usage of lexical with another package to avoid this issue.
**Related issue:**
- Closes #7752
This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.
`swc` uses the `lexical` family of crates for parsing numbers. It's a fast crate, but unfortunately it has a number of soundness issues, and so far there has been no movement from upstream on this (or accepting any of the patches opened so far):
- `try_parse_{4,8}digits` appear to advance iterators out of bounds Alexhuszagh/rust-lexical#101
- `Bytes::read()` Alexhuszagh/rust-lexical#102
- `unsafe trait` or private Alexhuszagh/rust-lexical#104

It would be nice for users of `swc` to be able to choose whether `lexical` is used. I would recommend making `lexical` an optional dependency, enabled by default, so that people can use `swc` with `no-default-features` if they wish to avoid the dep. The `num` family of crates is well established and has alternate code that does the same stuff as `lexical`, though perhaps not as optimized.

We have a patch we can submit to support this.
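As an added illustration (not swc's or lexical's code, and not the BigInt patch from the linked PR), this std-only sketch shows that an arbitrarily long radix-2/8/16 integer literal can be converted to a correctly rounded `f64` in safe Rust, with no unchecked iterator advances. The function name `parse_pow2_radix` and the restriction to power-of-two radixes are assumptions of the example.

```rust
/// Parse the digits of a radix-2/8/16 integer literal (prefix already
/// stripped) into the nearest f64 using only safe, bounds-checked std code.
/// `parse_pow2_radix` is a hypothetical name, not an swc or lexical API.
pub fn parse_pow2_radix(digits: &str, radix: u32) -> Option<f64> {
    let bits_per_digit = match radix {
        2 => 1,
        8 => 3,
        16 => 4,
        _ => return None, // decimal needs a different algorithm
    };
    if digits.is_empty() {
        return None;
    }
    let mut mant: u64 = 0; // leading (up to 64) significant bits
    let mut shift: i32 = 0; // number of bits that did not fit in `mant`
    let mut sticky = false; // true if any dropped bit was 1
    for c in digits.chars() {
        // `to_digit` rejects characters outside the radix; nothing is indexed.
        let d = u64::from(c.to_digit(radix)?);
        // Feed the digit's bits most-significant first.
        for i in (0..bits_per_digit).rev() {
            let bit = (d >> i) & 1;
            if mant >> 63 == 0 {
                mant = (mant << 1) | bit;
            } else {
                shift = shift.saturating_add(1);
                sticky |= bit == 1;
            }
        }
    }
    // Fold the dropped bits into bit 0 so the single u64 -> f64 conversion
    // (round to nearest, ties to even) sees "more than half" when it should.
    if sticky {
        mant |= 1;
    }
    // Scaling by a power of two is exact; values past f64::MAX become infinity.
    Some(mant as f64 * 2f64.powi(shift))
}
```
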