Resolve 2 security issues #1223
Comments
For RUSTSEC-2020-0071, see #602. For RUSTSEC-2021-0145, note that the dependency is guarded by an (We should definitely get rid of
Can I ask a question? I can't find the answer after looking. What does the release cycle look like -- when will the already committed patch, which fixes the first advisory, be published on crates.io? If there is any manual testing to be done, please nudge me and I will jump on it. Secondly, this PR #1224 fixes the second advisory.
Thank you for looking into this. Unfortunately both are not just simple fixes. The time 0.1 dependency is only there because one of its types is part of our public API. We don't use the functionality that is related to the security advisory. We hope to fix it with #1095.
We mostly work on the 0.4.x branch, main should eventually become a 0.5 release but has quite some work left to do.
Criterion is dropped as a dependency in #1243 (moved to a sub-crate and updated to 5.1).
There are 2 problems that I see. I just want to report them.
There is a difference between the latest version published on crates.io (0.4.26)
and the main branch here.
For example when I run
cargo audit
on an upstream package (theta-chart), I get the first warning.
This problem is known. When I run cargo audit on the "main" branch,
I see that it has been fixed, but I see a different security advisory.