From 255f91c3ce896f71b874f260b61f86232485d823 Mon Sep 17 00:00:00 2001
From: Alexey Zapparov <alexey@zapparov.com>
Date: Fri, 23 Dec 2022 10:35:24 +0100
Subject: [PATCH] fix: Remove vulnerable time-0.1.x chrono dependency (#4750)

The dependency is optional for chrono and enabled by default for
backward compatibility only.

See: https://rustsec.org/advisories/RUSTSEC-2020-0071
See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416
---
 .cargo/audit.toml |  7 -------
 Cargo.lock        | 26 ++++----------------------
 Cargo.toml        |  2 +-
 3 files changed, 5 insertions(+), 30 deletions(-)
 delete mode 100644 .cargo/audit.toml

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
deleted file mode 100644
index b74b63d264a5..000000000000
--- a/.cargo/audit.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-[advisories]
-ignore = [
-  # Potential segfault in the time crate
-  # chrono dependency, but vulnerable function is never called
-  # Tacked in #3163
-  "RUSTSEC-2020-0071",
-]
diff --git a/Cargo.lock b/Cargo.lock
index 969835def3e8..ee51658c8d99 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -309,7 +309,6 @@ dependencies = [
  "js-sys",
  "num-integer",
  "num-traits",
- "time 0.1.44",
  "wasm-bindgen",
  "winapi",
 ]
@@ -1001,7 +1000,7 @@ dependencies = [
  "bstr",
  "itoa",
  "thiserror",
- "time 0.3.14",
+ "time",
 ]
 
 [[package]]
@@ -1660,7 +1659,7 @@ dependencies = [
  "dirs-next",
  "objc-foundation",
  "objc_id",
- "time 0.3.14",
+ "time",
 ]
 
 [[package]]
@@ -2662,7 +2661,7 @@ checksum = "6c401e795850edb4e9fdde5940f856364f0fbab573e8dea58f6ee5f85fcf471d"
 dependencies = [
  "const_format",
  "is_debug",
- "time 0.3.14",
+ "time",
 ]
 
 [[package]]
@@ -2869,7 +2868,7 @@ dependencies = [
  "lazy_static",
  "libc",
  "nom 7.1.1",
- "time 0.3.14",
+ "time",
  "winapi",
 ]
 
@@ -2997,17 +2996,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "time"
-version = "0.1.44"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
-dependencies = [
- "libc",
- "wasi 0.10.0+wasi-snapshot-preview1",
- "winapi",
-]
-
 [[package]]
 name = "time"
 version = "0.3.14"
@@ -3280,12 +3268,6 @@ version = "0.9.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
 
-[[package]]
-name = "wasi"
-version = "0.10.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
-
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
diff --git a/Cargo.toml b/Cargo.toml
index 50696633fb60..ba4798c9bef9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -42,7 +42,7 @@ git-repository-max-perf = ["git-features/zlib-ng", "git-repository/fast-sha1"]
 git-repository-faster = ["git-features/zlib-stock", "git-repository/fast-sha1"]
 
 [dependencies]
-chrono = { version = "0.4.23", features = ["clock", "std"] }
+chrono = { version = "0.4.23", default-features = false, features = ["clock", "std", "wasmbind"] }
 clap = { version = "4.0.32", features = ["derive", "cargo", "unicode"] }
 clap_complete = "4.0.7"
 dirs-next = "2.0.0"