application-services icon indicating copy to clipboard operation
application-services copied to clipboard

Published 20 hours ago verified publisher icon mozilla

Remove cargo audit ignores once chrono advisory is resolved

Open tarikeshaq opened this issue 4 years ago • 2 comments

With https://github.com/mozilla/application-services/pull/4589, we added cargo audit ignores for two security advisories. This ticket is to remove the ignores

This means one of two things:

  • Either remove chrono all together and use time directly
  • If chrono resolves the issue and releases a fixed version, upgrade to that

We should do this once enough time has passed and/or:

  • https://github.com/chronotope/chrono/pull/578 is merged
  • https://github.com/chronotope/chrono/issues/602 is fixed

┆Issue is synchronized with this Jira Task ┆Epic: local development, ci and release (backlog)

tarikeshaq avatar Oct 19 '21 04:10 tarikeshaq

Note that chrono itself has the same issue, not just transitively via time. Chrono updating to time 0.3 by itself is not sufficient.

jhpratt avatar Oct 19 '21 05:10 jhpratt

Thank you! Looks like they have an issue for that: https://github.com/chronotope/chrono/issues/499, adding it here for future reference.

tarikeshaq avatar Oct 19 '21 19:10 tarikeshaq