New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cargo audit finding in cert-renewal #481
Comments
That CVE has been discussed to death already. The tl;dr is:
And, since we only use chrono's UTC time API, there is no code path in i-i-s that is affected. |
* Adding rust audit. * Update clap version + derive_builder (they clashed). * Ignoring specific CVE which can be ignored Azure/iot-identity-service#481 * Updating python lock. * Revert `derive-builder` update. * Adding back help msg.
Hi everybody
Running cargo audit points out the following vulnerability:
which is introduced here:
iot-identity-service/cert/cert-renewal/Cargo.toml
Line 9 in bc310c7
A PR fixing the issue can be found here: #482
The text was updated successfully, but these errors were encountered: