haskal
/
starship
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Remove vulnerable time-0.1.x chrono dependency (#4750) 

The dependency is optional for chrono and enabled by default for
backward compatibility only.

See: https://rustsec.org/advisories/RUSTSEC-2020-0071
See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416
This commit is contained in:
Alexey Zapparov 2022-12-23 10:35:24 +01:00 committed by GitHub
parent d32f1150f1
commit 255f91c3ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.cargo/audit.toml
View File

@ -1,7 +0,0 @@
[advisories]
ignore = [
# Potential segfault in the time crate
# chrono dependency, but vulnerable function is never called
# Tacked in #3163
"RUSTSEC-2020-0071",
]

26
Cargo.lock generated
View File

@ -309,7 +309,6 @@ dependencies = [
"js-sys", "js-sys",
"num-integer", "num-integer",
"num-traits", "num-traits",
"time 0.1.44",
"wasm-bindgen", "wasm-bindgen",
"winapi", "winapi",
] ]
@ -1001,7 +1000,7 @@ dependencies = [
"bstr", "bstr",
"itoa", "itoa",
"thiserror", "thiserror",
"time 0.3.14", "time",
] ]
[[package]] [[package]]
@ -1660,7 +1659,7 @@ dependencies = [
"dirs-next", "dirs-next",
"objc-foundation", "objc-foundation",
"objc_id", "objc_id",
"time 0.3.14", "time",
] ]
[[package]] [[package]]
@ -2662,7 +2661,7 @@ checksum = "6c401e795850edb4e9fdde5940f856364f0fbab573e8dea58f6ee5f85fcf471d"
dependencies = [ dependencies = [
"const_format", "const_format",
"is_debug", "is_debug",
"time 0.3.14", "time",
] ]
[[package]] [[package]]
@ -2869,7 +2868,7 @@ dependencies = [
"lazy_static", "lazy_static",
"libc", "libc",
"nom 7.1.1", "nom 7.1.1",
"time 0.3.14", "time",
"winapi", "winapi",
] ]
@ -2997,17 +2996,6 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "time"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
dependencies = [
"libc",
"wasi 0.10.0+wasi-snapshot-preview1",
"winapi",
]
[[package]] [[package]]
name = "time" name = "time"
version = "0.3.14" version = "0.3.14"
@ -3280,12 +3268,6 @@ version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "wasi"
version = "0.10.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
[[package]] [[package]]
name = "wasi" name = "wasi"
version = "0.11.0+wasi-snapshot-preview1" version = "0.11.0+wasi-snapshot-preview1"

2
Cargo.toml
View File

@ -42,7 +42,7 @@ git-repository-max-perf = ["git-features/zlib-ng", "git-repository/fast-sha1"]
git-repository-faster = ["git-features/zlib-stock", "git-repository/fast-sha1"] git-repository-faster = ["git-features/zlib-stock", "git-repository/fast-sha1"]
[dependencies] [dependencies]
chrono = { version = "0.4.23", features = ["clock", "std"] } chrono = { version = "0.4.23", default-features = false, features = ["clock", "std", "wasmbind"] }
clap = { version = "4.0.32", features = ["derive", "cargo", "unicode"] } clap = { version = "4.0.32", features = ["derive", "cargo", "unicode"] }
clap_complete = "4.0.7" clap_complete = "4.0.7"
dirs-next = "2.0.0" dirs-next = "2.0.0"