-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RUSTSEC-2020-0159 #50
Comments
Just for context, we took a dependency on Looking at chronotope/chrono#499 it looks like there are some open PRs ready to be merged and fixed when |
That's a great idea, might be worth introducing as long as we are okay with overriding merges when we hit scenarios like these |
I think this one can be closed at this point |
The vulnerable chrono dependency was removed in #124 |
Cargo audit reports the following:
If possible, it might be better to avoid using
chrono
- according tocargo tree
it looks liketime 0.1.44
is only in the dependency tree due tochrono 0.4.19
. It seems that if the code can be refactored to avoidchrono
, that both RUSTSEC advisories would be addressed.We may want to add
cargo audit
into the CI workflow as well.The text was updated successfully, but these errors were encountered: