Upgrade chrono to 0.4.20 to address RUSTSEC-2020-0159 #2044

Merged
merged 1 commit into from
Aug 5, 2022

Commits on Aug 5, 2022

  1. Upgrade chrono to 0.4.20 to address RUSTSEC-2020-0159

    See the release announcement:
    
    - https://github.com/chronotope/chrono/releases/tag/v0.4.20
    
    It looks like the fix for RUSTSEC-2020-0159 vendors much of the relevant
    code from `tz-rs` (which Artichoke already uses):
    
    - chronotope/chrono#677
    
    Previous `cargo deny` error (I think this started triggering today now
    that there is a fixed version out):
    
    ```console
    $ cargo deny check
    error[A001]: Potential segfault in `localtime_r` invocations
       ┌─ /Users/lopopolo/dev/artichoke/artichoke/Cargo.lock:15:1
       │
    15 │ chrono 0.4.19 registry+https://github.com/rust-lang/crates.io-index
       │ ------------------------------------------------------------------- security vulnerability detected
       │
       = ID: RUSTSEC-2020-0159
       = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159
       = ### Impact
    
         Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
    
         ### Workarounds
    
         No workarounds are known.
    
         ### References
    
         - [time-rs/time#293](time-rs/time#293)
       = Announcement: chronotope/chrono#499
       = Solution: Upgrade to >=0.4.20
       = chrono v0.4.19
         ├── chrono-tz v0.6.1
         │   └── spinoso-time v0.5.0
         │       └── artichoke-backend v0.13.0
         │           └── artichoke v0.1.0-pre.0
         └── spinoso-time v0.5.0 (*)
    
    advisories FAILED, bans ok, licenses ok, sources ok
    ```
    lopopolo committed Aug 5, 2022
    Commit 48925dc
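The `cargo deny` failure above boils down to one comparison: the locked `chrono` version (0.4.19) is below the advisory's patched range (`>=0.4.20`). The following is an added example, not code from Artichoke, chrono, or cargo-deny, that reproduces that check in miniature: it parses the `[[package]]` entries of a Cargo.lock, compares each locked version against a hand-written advisory record for RUSTSEC-2020-0159, and reports the matches. The sample lockfile is constructed for the example (it only reuses the crate names and versions visible in the dependency tree above), and the version parser is a simplification that ignores pre-release suffixes, so it should not be used in place of a real semver implementation.

```rust
use std::fmt;

/// MAJOR.MINOR.PATCH with derived ordering (fields compare in declaration order).
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version {
    pub major: u64,
    pub minor: u64,
    pub patch: u64,
}

impl Version {
    /// Parse "MAJOR.MINOR.PATCH". Simplification (assumption of this example):
    /// anything after '-' (a pre-release tag) is ignored rather than ordered.
    pub fn parse(s: &str) -> Option<Version> {
        let core = s.split('-').next()?;
        let mut parts = core.split('.');
        let major = parts.next()?.parse().ok()?;
        let minor = parts.next()?.parse().ok()?;
        let patch = parts.next()?.parse().ok()?;
        Some(Version { major, minor, patch })
    }
}

impl fmt::Display for Version {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}.{}.{}", self.major, self.minor, self.patch)
    }
}

/// One advisory record: the affected crate and the first patched version,
/// mirroring the "Solution: Upgrade to >=0.4.20" line in the cargo deny output.
pub struct Advisory {
    pub id: &'static str,
    pub package: &'static str,
    pub patched: Version,
}

/// The advisory from the PR, as a record for this check.
pub fn rustsec_2020_0159() -> Advisory {
    Advisory {
        id: "RUSTSEC-2020-0159",
        package: "chrono",
        patched: Version::parse("0.4.20").expect("valid version"),
    }
}

/// Constructed sample lockfile for the example; not the real Artichoke Cargo.lock.
pub const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "chrono"
version = "0.4.19"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "chrono-tz"
version = "0.6.1"
dependencies = [
 "chrono",
]

[[package]]
name = "spinoso-time"
version = "0.5.0"
dependencies = [
 "chrono",
 "chrono-tz",
]
"#;

/// Extract (name, version) pairs from the `[[package]]` sections of a Cargo.lock.
/// The top-level `version = 3` lockfile marker is skipped because it does not
/// parse as MAJOR.MINOR.PATCH and no package name precedes it.
pub fn parse_lockfile(lock: &str) -> Vec<(String, Version)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    let mut version: Option<Version> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            // A new section starts: flush the previous package if it was complete.
            if let (Some(n), Some(v)) = (name.take(), version.take()) {
                out.push((n, v));
            }
            continue;
        }
        if let Some(rest) = line.strip_prefix("name = ") {
            name = Some(rest.trim_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = ") {
            version = Version::parse(rest.trim_matches('"'));
        }
    }
    if let (Some(n), Some(v)) = (name, version) {
        out.push((n, v));
    }
    out
}

/// Return one finding per (advisory, locked package) pair where the locked
/// version is older than the advisory's first patched version.
pub fn check(lock: &str, advisories: &[Advisory]) -> Vec<String> {
    let mut hits = Vec::new();
    for (name, version) in parse_lockfile(lock) {
        for adv in advisories {
            if adv.package == name && version < adv.patched {
                hits.push(format!(
                    "{}: {} {} (upgrade to >={})",
                    adv.id, name, version, adv.patched
                ));
            }
        }
    }
    hits
}

fn main() {
    for hit in check(SAMPLE_LOCK, &[rustsec_2020_0159()]) {
        println!("{hit}");
    }
}
```

Running it prints a single finding for `chrono 0.4.19`; bumping the sample's `chrono` entry to 0.4.20 (as the commit in this PR does) clears it, while the transitive users `chrono-tz` and `spinoso-time` are not flagged because the advisory is keyed on the affected crate itself.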