You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
djc commented Mar 22, 2022
I'm going to close this because in its current version, chrono does not call the vulnerable APIs in time 0.1. Since chronotope/chrono#478 the dependency on time is fairly minimal and in the next semver-compatible version we'll remove it entirely.
According to the comment, this vulnerability should not be possible to hit.
When chrono is updated to remove the dependency, then this Issue should be Closed.
The text was updated successfully, but these errors were encountered:
This Issue is to acknowledge Dependabot Alert #2. (I'm unable to comment or otherwise acknowledge the Dependabot Alert unless it's closed!? π)
The dependency bringing in the vulnerability is
chrono
As of January 2023, I'm using the latest chrono version
0.4.23
which, according tocargo tree
, has the vulnerabletime
crate.It is discussed in chronotope/chrono#602 (comment) which is Closed.
According to the comment, this vulnerability should not be possible to hit.
When
chrono
is updated to remove the dependency, then this Issue should be Closed.The text was updated successfully, but these errors were encountered: