1
0
mirror of https://github.com/Llewellynvdm/starship.git synced 2024-11-28 07:46:28 +00:00

fix: Remove vulnerable time-0.1.x chrono dependency (#4750)

The dependency is optional for chrono and enabled by default for
backward compatibility only.

See: https://rustsec.org/advisories/RUSTSEC-2020-0071
See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416
This commit is contained in:
Alexey Zapparov 2022-12-23 10:35:24 +01:00 committed by GitHub
parent d32f1150f1
commit 255f91c3ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 30 deletions

View File

@ -1,7 +0,0 @@
[advisories]
ignore = [
# Potential segfault in the time crate
# chrono dependency, but vulnerable function is never called
# Tacked in #3163
"RUSTSEC-2020-0071",
]

26
Cargo.lock generated
View File

@ -309,7 +309,6 @@ dependencies = [
"js-sys",
"num-integer",
"num-traits",
"time 0.1.44",
"wasm-bindgen",
"winapi",
]
@ -1001,7 +1000,7 @@ dependencies = [
"bstr",
"itoa",
"thiserror",
"time 0.3.14",
"time",
]
[[package]]
@ -1660,7 +1659,7 @@ dependencies = [
"dirs-next",
"objc-foundation",
"objc_id",
"time 0.3.14",
"time",
]
[[package]]
@ -2662,7 +2661,7 @@ checksum = "6c401e795850edb4e9fdde5940f856364f0fbab573e8dea58f6ee5f85fcf471d"
dependencies = [
"const_format",
"is_debug",
"time 0.3.14",
"time",
]
[[package]]
@ -2869,7 +2868,7 @@ dependencies = [
"lazy_static",
"libc",
"nom 7.1.1",
"time 0.3.14",
"time",
"winapi",
]
@ -2997,17 +2996,6 @@ dependencies = [
"syn",
]
[[package]]
name = "time"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
dependencies = [
"libc",
"wasi 0.10.0+wasi-snapshot-preview1",
"winapi",
]
[[package]]
name = "time"
version = "0.3.14"
@ -3280,12 +3268,6 @@ version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "wasi"
version = "0.10.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"

View File

@ -42,7 +42,7 @@ git-repository-max-perf = ["git-features/zlib-ng", "git-repository/fast-sha1"]
git-repository-faster = ["git-features/zlib-stock", "git-repository/fast-sha1"]
[dependencies]
chrono = { version = "0.4.23", features = ["clock", "std"] }
chrono = { version = "0.4.23", default-features = false, features = ["clock", "std", "wasmbind"] }
clap = { version = "4.0.32", features = ["derive", "cargo", "unicode"] }
clap_complete = "4.0.7"
dirs-next = "2.0.0"