Upgrade time dependency (via cookie) #2555

Merged on Dec 29, 2021 (6 commits)

LukeMathWalker (Contributor) commented Dec 29, 2021

PR Type

Other

PR Checklist

  • Tests for the changes have been added / updated.
  • Documentation comments have been added / updated.
  • A changelog entry has been made for the appropriate packages.
  • Format code with the latest stable rustfmt.
  • (Team) Label with affected crates and semver status.

Overview

Upgrade to the latest `cookie` release - this removes the dependency on a version of `time` that was affected by RUSTSEC-2020-0071. `actix-web` and `awc` still depend on a vulnerable version of `chrono` via `rcgen`, but `rcgen` is only used as a dev dependency, therefore this does not affect end users.

This is a breaking change, because cookie's types are exposed in the public API.

Luca Palmieri added 3 commits December 29, 2021 10:31
…on a version of `time` that was affected by RUSTSEC-2020-0071. `actix-web` still depends on a vulnerable version of `chrono` via `rcgen`, but `rcgen` is only used as a dev dependency therefore this does not affect end users.

This is a breaking change, because `cookie`'s types are exposed in the public API of `actix-web`.
@robjtede robjtede added A-awc project: awc A-web project: actix-web B-semver-major breaking change requiring a major version bump labels Dec 29, 2021
@robjtede robjtede added this to the actix-web v4 milestone Dec 29, 2021
robjtede (Member) commented Dec 29, 2021

I've also bumped this repo's MSRV to 1.54 in anticipation of this change since cookie's new MSRV is 1.53.

Luca Palmieri added 2 commits December 29, 2021 10:45
@robjtede robjtede merged commit 74738c6 into actix:master Dec 29, 2021
@LukeMathWalker LukeMathWalker deleted the upgrade-time-dependency branch December 29, 2021 10:04
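
The reasoning in the PR description (an affected crate that is reachable only through a dev dependency is not compiled into downstream users' builds), as an added Rust example that is not code from actix-web or from this PR. The edge lists are constructed, and the `@affected` / `@unaffected` suffixes are placeholder labels, not real version numbers.

```rust
use std::collections::HashSet;

#[derive(Clone, Copy, PartialEq)]
enum Kind { Normal, Dev }
#[derive(Debug, PartialEq)]
enum Exposure { Shipped, DevOnly, Absent }

/// One resolved dependency edge: `from` depends on `to`.
struct Edge { from: &'static str, to: &'static str, kind: Kind }

/// Crates a downstream user compiles when depending on `root`. Dev edges are
/// skipped: Cargo builds them only for the root's own tests and examples.
fn shipped_closure(root: &'static str, edges: &[Edge]) -> HashSet<&'static str> {
    let mut seen = HashSet::from([root]);
    let mut stack = vec![root];
    while let Some(node) = stack.pop() {
        for e in edges.iter().filter(|e| e.from == node && e.kind != Kind::Dev) {
            if seen.insert(e.to) { stack.push(e.to); }
        }
    }
    seen
}

/// Classify an advisory-flagged node: shipped to users, present in the
/// graph but only behind a dev edge, or absent from the graph.
fn exposure(root: &'static str, edges: &[Edge], flagged: &str) -> Exposure {
    if shipped_closure(root, edges).contains(flagged) { Exposure::Shipped }
    else if edges.iter().any(|e| e.to == flagged) { Exposure::DevOnly }
    else { Exposure::Absent }
}

// Constructed graph modelling the state the PR description starts from.
fn before_pr() -> Vec<Edge> { vec![
    Edge { from: "actix-web", to: "cookie", kind: Kind::Normal },
    Edge { from: "cookie", to: "time@affected", kind: Kind::Normal },
    Edge { from: "actix-web", to: "rcgen", kind: Kind::Dev },
    Edge { from: "rcgen", to: "chrono@affected", kind: Kind::Normal },
] }

// Same graph after the upgrade: `cookie` resolves to an unaffected `time`.
fn after_pr() -> Vec<Edge> {
    let mut g = before_pr();
    g[1].to = "time@unaffected";
    g
}

fn main() {
    for (name, g) in [("before", before_pr()), ("after", after_pr())] {
        for krate in ["time@affected", "chrono@affected"] {
            println!("{name}: {krate} -> {:?}", exposure("actix-web", &g, krate));
        }
    }
}
```

Note that `rcgen -> chrono` is a normal edge, yet `chrono` is still classified as dev-only because the only path to `rcgen` from the root is a dev edge.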