Backport Vec<ZST> deserialisation fix to 0.10.x

[mina86]

Would it be possible to get commit e880d87 backported to 0.10.x branch and released? Not all code bases have upgraded to 1.x yet and now GitHub is complaining about moderate security issue.

https://github.com/mina86/borsh-rs/tree/0.10.4 has all the necessary commits.

[dj8yfo]

@mina86 would it contradict your purpose to also bump MSRV to 1.66 in your branch and change workspace syntax
to newer one:

(workspace.metadata.workspaces doesn't look to be normal anymore)
https://github.com/mina86/borsh-rs/blob/0.10.4/Cargo.toml#L11-L13
https://github.com/mina86/borsh-rs/blob/0.10.4/borsh/Cargo.toml#L3

to

https://github.com/near/borsh-rs/blob/master/Cargo.toml#L4-L7
https://github.com/near/borsh-rs/blob/master/borsh/Cargo.toml#L3
?

[mina86]

I’m not sure what you mean. This is a backport so I only care about the one commit that addresses the RUSTSEC vulnerability. I’m currently successfully using 0.10.3 in a bunch of projects so keeping MSRV and format of Cargo.toml files as they are in 0.10.3 is perfectly fine by me.

[mina86]

@dj8yfo, ok, got what you meant. Updated my branch.