New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Remove vulnerable time-0.1.x chrono dependency #4750
Conversation
fafd1d8
to
0c11180
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you probably also can remove the ignore
from .cargo/audit.toml
, right?
Agreed, but please just remove the whole file. Looks like I forgot to add the default-features toggle when attempting to restrict the feature set. |
0c11180
to
b940dc7
Compare
@davidkna you said:
Does it mean we should remove |
@ixti I think it wasn't a feature yet when I changed it. You can keep it, but starship doesn't build for wasm targets either way. |
Okay. Either way, I believe such cleanup belongs to a different PR ;)) |
The dependency is optional for chrono and enabled by default for backward compatibility only. See: https://rustsec.org/advisories/RUSTSEC-2020-0071 See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416
b940dc7
to
245ca8f
Compare
Thanks for the fix! |
The dependency is optional for chrono and enabled by default for backward compatibility only. See: https://rustsec.org/advisories/RUSTSEC-2020-0071 See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416
The dependency is optional for chrono and enabled by default for backward compatibility only.
RUSTSEC-2020-0071: https://rustsec.org/advisories/RUSTSEC-2020-0071
Closes #3163