Switch from chrono to time 0.3.3 to avoid vulns #297

Merged: 1 commit, Oct 20, 2021

Contributor

@alexjg alexjg commented Oct 20, 2021

Due to a CVE in chrono[0] we switch to time 0.3.3. Chrono actually
depends on an older, similarly vulnerable version of time but newer
versions of time seem to offer everything we need to validate dates
and times anyway.

[0] rustsec/advisory-db#1082

Signed-off-by: Alex Good <alex@memoryandthought.me>

@alexjg alexjg force-pushed the switch-chrono-to-time branch 2 times, most recently from 65edb9d to d033071 Compare October 20, 2021 15:04

codecov bot commented Oct 20, 2021

Codecov Report

Merging #297 (00f4503) into master (8d1d598) will decrease coverage by 0.01%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master     #297      +/-   ##
==========================================
- Coverage   80.79%   80.78%   -0.02%     
==========================================
  Files          56       56              
  Lines        5317     5318       +1     
==========================================
  Hits         4296     4296              
- Misses       1021     1022       +1     
Impacted Files Coverage Δ
jsonschema/src/keywords/format.rs 88.49% <66.66%> (-0.36%) ⬇️

Owner

@Stranger6667 Stranger6667 left a comment

Thank you so much for implementing this!

@alexjg alexjg force-pushed the switch-chrono-to-time branch from d033071 to 00f4503 Compare October 20, 2021 15:25
@Stranger6667 Stranger6667 merged commit 625c66e into Stranger6667:master Oct 20, 2021