Skip to content

Disable chrono's default-features #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 27, 2022
Merged

Disable chrono's default-features #17

merged 1 commit into from
Oct 27, 2022

Conversation

@msepga
Copy link
Contributor

@msepga msepga commented Oct 26, 2022

This fixes invocations of cargo audit, where the unnecessary time dependency is pulled in.

Before:

❯ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 464 security advisories (from /Users/msepga/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (106 crate dependencies)
Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── chrono 0.4.22
    ├── postgres_range 0.11.0
    └── postgres-types 0.2.4
        ├── tokio-postgres 0.7.7
        │   └── postgres 0.19.4
        │       └── postgres_range 0.11.0
        └── postgres_range 0.11.0

error: 1 vulnerability found!

After:

❯ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 464 security advisories (from /Users/msepga/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (104 crate dependencies)

@msepga
Disable chrono default-features
95d1049 
This fixes usage of `cargo audit`, where the unnecessary `time`
dependency is pulled in.
@sfackler sfackler merged commit e8f2a5d into rust-postgres:master Oct 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msepga @sfackler