bee Tracking Issue for `chrono`/`time` fixes

Tracking Issue for `chrono`/`time` fixes

Open Adam-Gleave opened this issue 2 years ago • 5 comments

This is a tracking issue for addressing #783 and #779.

[ ] Remove chrono as a direct dependency of Bee.
[ ] Update any dependencies that have subdependencies on chrono or an effected time version, if these have been patched with fixes.
[x] For dependencies that appear inactive, fork and patch them ourselves, and submit a PR to the maintainer.
[ ] Remove the advisories CI bypass

Oct 20 '21 15:10 Adam-Gleave

tracing has merged a patch for this issue, but we are waiting on a release.

Oct 20 '21 15:10 Adam-Gleave

Opened this PR for simple_asn1, which is used in jsonwebtoken.

(This has now been merged).

Oct 20 '21 16:10 Adam-Gleave

Opened this PR for jsonwebtoken, now that simple_asn1 has had a new release, and tokio-console has merged dependency updates.

Oct 28 '21 11:10 Adam-Gleave

Looks like a lot has been made regarding to the two security issues, but this tracking issue is not updated for a while.

Nov 18 '21 16:11 jyhi

We're just waiting for dependencies to merge the PRs we did to fix these issues.

Nov 18 '21 16:11 thibault-martinez