Replace SwiftCBOR with PotentCodable

[marius-se]

There is a bug in SwiftCBOR causing an application to crash when decoding large amounts of random (/invalid CBOR) bytes. I tried to find the source of this problem in SwiftCBOR, but wasn't successful with that unfortunately.

[dimitribouniol]

For what it's worth, if we want to still use SwiftCBOR, I submitted a fix here valpackett/SwiftCBOR#101 that we can use as a subclass to CBORDecoder if they don't merge the fix.

[dimitribouniol]

that we can use as a subclass to CBORDecoder if they don't merge the fix

nvm, it seems like CBORDecoder is not open, so it can't be subclassed 🫠

[marius-se]

Ah nice! I didn't mention it in this PR yet but PotentCodable has the exact same issue :D
I'd still prefer to migrate to PotentCodable since it seems to be more actively maintained. @dimitribouniol would you be okay with shipping the same fix to PotentCodable? I created an issue a few weeks ago here: outfoxx/PotentCodables#65

[dimitribouniol]

Yeah, I saw it afterwards haha. It should be possible, though it'll be a bit more involved since PotentCodables uses a struct for reading, so we'll need to pass the depth down to everything which is a bit more error prone.

Should we consider instead forking SwiftCBOR, cleaning it up with documentation and additional niceties (OrderedDictionaries for one), and making it available under the swift-server umbrella? Their license permits this, though I wanted to check first here to see if there was interest and to also ask Val via Mastodon or something if they were alright with it.

[0xTim]

It should probably live in the swift-server-community org but I'd prefer to see the changes upstreamed if the maintainer is happy to accept a PR