Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cargo audit informs a possibility of a vulnerability #71

Closed
jaudiger opened this issue Feb 21, 2022 · 4 comments
Closed

Cargo audit informs a possibility of a vulnerability #71

jaudiger opened this issue Feb 21, 2022 · 4 comments
Labels
question Further information is requested

Comments

@jaudiger
Copy link

From cargo audit checking:

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded [39](https://gitlab.com/my_project/-/jobs/2118924918#L39)8 security advisories (from my_project/.cargo/advisory-db)
    Updating crates.io index
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (260 crate dependencies)
Crate:         chrono
Version:       0.4.19
Title:         Potential segfault in `localtime_r` invocations
Date:          2020-11-10
ID:            RUSTSEC-2020-0159
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:      No safe upgrade is available!
Dependency tree: 
chrono 0.4.19
└── shadow-rs 0.8.1
@baoyachi baoyachi mentioned this issue Feb 22, 2022
Closed
@baoyachi baoyachi added the question Further information is requested label Mar 10, 2022
@daniel-white
Copy link

simplelog replaced their implementation with time-rs

@baoyachi
Copy link
Owner

baoyachi commented Apr 21, 2022
edited
Loading

@daniel-white see

@baoyachi baoyachi mentioned this issue Jul 14, 2022
Merged
@baoyachi
Copy link
Owner

Now, fix with #99.

Upgarde shadow-rs version

...
[dependencies]
shadow-rs = "0.13.0"
...

@baoyachi
Copy link
Owner

Close now, and reopen it if there is a problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@daniel-white @baoyachi @jaudiger