Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cargo audit issue with time #2727

Open
paulhauner opened this issue Oct 17, 2021 · 1 comment
Open

Cargo audit issue with time #2727

paulhauner opened this issue Oct 17, 2021 · 1 comment
Labels
security

Comments

@paulhauner
Copy link
Member

Description

CI for #2726 failed due to this cargo audit vuln: https://rustsec.org/advisories/RUSTSEC-2020-0071. This solution for this vuln is to upgrade time to >=0.2.23.

We are unable to perform this upgrade due to the following dependencies:

Once our dependencies update and we can update time, we should undo the --ignore added here e825728.
@paulhauner paulhauner mentioned this issue Oct 17, 2021
Closed
bors bot pushed a commit that referenced this issue Oct 18, 2021
@paulhauner
Release v2.0.1 (#2726)
fff01b2 
## Issue Addressed

NA

## Proposed Changes

- Update versions to `v2.0.1` in anticipation for a release early next week.
- Add `--ignore` to `cargo audit`. See #2727.

## Additional Info

NA
@divagant-martian
Copy link
Collaborator

cargo auditnow reports too on chrono but it's the same issue https://rustsec.org/advisories/RUSTSEC-2020-0159 I wonder if we will get one for the other deps.

@divagant-martian divagant-martian mentioned this issue Oct 18, 2021
Closed
bors bot pushed a commit that referenced this issue Oct 18, 2021
@divagant-martian
Ignore cargo audit advisory (#2730)
e75ce53 
## Issue Addressed
Related to #2727 

Ignores the audit failure for the same reasons in #2727
@jimmygchen jimmygchen mentioned this issue Aug 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paulhauner @divagant-martian and others