Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New release w/o chrono dep #63

Closed
Ralith opened this issue Nov 21, 2021 · 4 comments · Fixed by #64
Closed

New release w/o chrono dep #63

Ralith opened this issue Nov 21, 2021 · 4 comments · Fixed by #64

Comments

@Ralith
Copy link

Ralith commented Nov 21, 2021

Can we get a new release with #61? I'd really love for my downstream CI to stop yelling at me about the CVE.
@Ralith Ralith mentioned this issue Nov 21, 2021
Merged
@est31
Copy link
Collaborator

est31 commented Nov 22, 2021
edited

I'm a bit annoyed by the fact that this causes these warnings. yasna does not use the offending API of the chrono crate, but it does/did use the fact that chrono supports leap seconds. Lacking leap second support can introduce actual bugs to programs. So the CVE warning pushes yasna from one solution that has no issues to another solution that does have issues, worsening security not helping with it.

Maybe we should just do our time handling ourselves, idk.

@Ralith
Copy link
Author

Ralith commented Dec 24, 2021

Bump?

@robjtede
Copy link

robjtede commented Feb 1, 2022

+1 bump on release

@est31 est31 mentioned this issue Feb 2, 2022
Merged
@est31 est31 closed this as completed in #64 Feb 2, 2022
@est31
Copy link
Collaborator

est31 commented Feb 2, 2022

Resolved now. See rustls/rcgen#66 (comment) for why it took so long.

nuke-web3 added a commit to nuke-web3/quinn that referenced this issue Dec 19, 2022
@nuke-web3
Update deny.toml
b7ba778 
qnighy/yasna.rs#63 is resolved
@nuke-web3 nuke-web3 mentioned this issue Dec 19, 2022
Merged
Ralith pushed a commit to quinn-rs/quinn that referenced this issue Dec 19, 2022
@nuke-web3 @Ralith
Update deny.toml
088f244 
qnighy/yasna.rs#63 is resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Release 0.5.0 est31/yasna.rs
3 participants
@Ralith @robjtede @est31