Dependency serde_cbor is unmaintained

[webmaster128]

When using Wasmer, wasmer-config pulls in the unmaintained dependency serde_cbor. Would be great if that could be removed from the codebase in favour of an actively maintained solution.

See https://rustsec.org/advisories/RUSTSEC-2021-0127

[syrusakbary]

Thanks for the ping!
Right now the wasmer crate depends on wasmer-types which depends on webc which depends on wasmer-config. Thankfully, wasmer-config is not being used at all when using the wasmer create, so it should be trivial to remove (it's only used in the CLI or WASIX).

We shall remove the webc in wasmer-types, so it doesn't leak into the wasmer crate.

[syrusakbary]

Also, webc should be using wasmer-config 0.5 as the rest (so the types doesn't become duplicated)

[webmaster128]

We shall remove the webc in wasmer-types, so it doesn't leak into the wasmer crate.

This would indeed be great as I ran into dependency issues because of that a few weeks ago (don't remember anymore what it was exactly but something outdated)

[webmaster128]

By the way, I was trying to find the repo for webc and could not find it. https://github.com/wasmerio/pirita does not seem to be public. Is that intentional?