diff --git a/go.mod b/go.mod index 5e216ad..cdebeb0 100644 --- a/go.mod +++ b/go.mod @@ -6,11 +6,10 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 github.com/goccy/go-json v0.10.6 github.com/gofiber/fiber/v3 v3.1.0 - github.com/hyp3rd/ewrap v1.3.8 + github.com/hyp3rd/ewrap v1.3.9 github.com/hyp3rd/sectools v1.2.3 github.com/longbridgeapp/assert v1.1.0 github.com/redis/go-redis/v9 v9.18.0 - github.com/shamaton/msgpack/v3 v3.1.0 github.com/ugorji/go/codec v1.3.1 go.opentelemetry.io/otel v1.43.0 go.opentelemetry.io/otel/metric v1.43.0 diff --git a/go.sum b/go.sum index cd9f2cb..53c8447 100644 --- a/go.sum +++ b/go.sum @@ -29,8 +29,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hyp3rd/ewrap v1.3.8 h1:36IYDgSWI5wG85G+CIwE7WvU5xi+FJvT8KWR8YVT+cA= -github.com/hyp3rd/ewrap v1.3.8/go.mod h1:ly3lreW7OWbBaX9I4zTKqctJlf9uxNQiUD5zXl2vz4g= +github.com/hyp3rd/ewrap v1.3.9 h1:4vtnxji/aJdnyR2dfl93R/uYcGrNdi93EbV/r5BYalk= +github.com/hyp3rd/ewrap v1.3.9/go.mod h1:2AgfjKPZjfBxvlTrbdWrNZzxV3jqmcOHg38aKyXvxpQ= github.com/hyp3rd/sectools v1.2.3 h1:XElGIhLOWPJxVLyLPzfKASYjs+3yEkDN48JeSw/Wvjo= github.com/hyp3rd/sectools v1.2.3/go.mod h1:iwl65boK1VNhwvRNSQDItdD5xon8W1l+ox4JFTe5WbI= github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= diff --git a/internal/libs/serializer/msgpack.go b/internal/libs/serializer/msgpack.go index 94087ee..de4b6d4 100644 --- a/internal/libs/serializer/msgpack.go +++ b/internal/libs/serializer/msgpack.go @@ -2,31 +2,44 @@ package serializer import ( "github.com/hyp3rd/ewrap" - "github.com/shamaton/msgpack/v3" ) // MsgpackSerializer leverages `msgpack` to serialize the items before storing them in the cache. +// +// Deprecated: This serializer is now a shim and will be removed in a future release for security reasons. +// REF: https://github.com/shamaton/msgpack/pull/60 +// Please use the `Marshal` method of the `Serializer` interface instead. type MsgpackSerializer struct{} // Marshal serializes the given value into a byte slice. // @param v. -func (*MsgpackSerializer) Marshal(v any) ([]byte, error) { // receiver omitted (unused) - data, err := msgpack.Marshal(&v) - if err != nil { - return nil, ewrap.Wrap(err, "failed to marshal msgpack") - } +// +// Deprecated: This method is now a shim and will be removed in a future release for security reasons. +// REF: https://github.com/shamaton/msgpack/pull/60 +// Please use the `Marshal` method of the `Serializer` interface instead. +func (*MsgpackSerializer) Marshal(_ any) ([]byte, error) { // receiver omitted (unused) + // data, err := msgpack.Marshal(&v) + // if err != nil { + // return nil, ewrap.Wrap(err, "failed to marshal msgpack") + // } - return data, nil + // return data, nil + return nil, ewrap.New("msgpack serialization is deprecated and has been disabled for security reasons") } // Unmarshal deserializes the given byte slice into the given value. // @param data // @param v. -func (*MsgpackSerializer) Unmarshal(data []byte, v any) error { // receiver omitted (unused) - err := msgpack.Unmarshal(data, v) - if err != nil { - return ewrap.Wrap(err, "failed to unmarshal msgpack") - } +// +// Deprecated: This method is now a shim and will be removed in a future release for security reasons. +// REF: https://github.com/shamaton/msgpack/pull/60 +// Please use the `Unmarshal` method of the `Serializer` interface instead. +func (*MsgpackSerializer) Unmarshal(_ []byte, _ any) error { // receiver omitted (unused) + // err := msgpack.Unmarshal(data, v) + // if err != nil { + // return ewrap.Wrap(err, "failed to unmarshal msgpack") + // } - return nil + // return nil + return ewrap.New("msgpack deserialization is deprecated and has been disabled for security reasons") }