Bump time to 0.3 #578
Closed
Bump time to 0.3 #578
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I understand that people are busy, but is there any chance that this PR in particular could be expedited? 🙏 Due to the linked CVE, |
|
cc @quodlibetor , would you like to take some time to review it? |
gstreamer-github
pushed a commit
to sdroege/gst-plugin-rs
that referenced
this pull request
Oct 18, 2021
|
cargo-audit just started failing because of this. |
2 tasks
|
Who knew one crate could do so much damage... 😆 |
|
Currently going through the process of depending on this PR with a workspace patch, and it's breaking a fair amount of downstream dependencies too due to the API breaking changes in When (if?) this merges, should probably be a bump to 0.5 |
|
I'll message the owner to see what we can do about this. You may temporarily switch to this PR by putting the following in your [patch.crates-io]
chrono = { git = "https://github.com/timvisee/chrono", branch = "time-0.3" }Edit: this doesn't fully fix it according to this, as |
|
FWIW I pinged him on Twitter with the PR |
2 tasks
|
Hi! Sorry about being AWOL ((now looking for additional help maintaining chrono)[https://www.reddit.com/r/rust/comments/qamgyh/comment/hh6h36h/?utm_source=reddit&utm_medium=web2x&context=3]). Unfortunately |
|
CI should run if you rebase on main. |
gstreamer-github
pushed a commit
to sdroege/gst-plugin-rs
that referenced
this pull request
Oct 19, 2021
Also waiting for chronotope/chrono#578
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 20, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 22, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
This was referenced Jul 24, 2022
bookinabox
pushed a commit
to bookinabox/kata-containers
that referenced
this pull request
Jul 27, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
foresterre
added a commit
to foresterre/cargo-msrv
that referenced
this pull request
Aug 1, 2022
135: RUSTSEC-2020-0071 and RUSTSEC-2020-0159: Potential segfault in localtime_r invocations r=foresterre a=foresterre Time crate has been updated, but we depend on chrono and are waiting for it to update. The PR is open but the maintainer seems unresponsive. For now, we'll wait a bit as it's actually very unlikely for the segfault to take place, and, the impact on cargo-msrv is not significant. In time, we may want to replace chrono, assuming it's unmaintained. ref chronotope/chrono#578 Co-authored-by: Martijn Gribnau <garm@ilumeo.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #553, #567
This updates the
timedependency to0.3. The crate has been refactored to followtimeAPI changes.This includes not-yet-merged changes made in #567.
Tasks:
timeto0.3when released (see Time v0.3 tracking issue time-rs/time#248)timeAPI changesnaive::date::tests::test_date_add(failing case)naive::datetime::tests::test_datetime_add(failing case)