-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(time): Use chrono for offset #18
Conversation
chrono has fixed its vulnerability since v4.2.0 Fix filecoin-project#17 Signed-off-by: paulip1792 <paulip1792@outlook.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR. I'd like to wait until emabee/flexi_logger#120 is resolved as until then. One could potentially be still be vulnerable to RUSTSEC-2020-0159, if a Cargo.lock could still point to v0.4.19 of chrono.
Due to https://rustsec.org/advisories/RUSTSEC-2020-0159, it wasn't possible to get the local time in multi-threaded contexts. This was fixed with the latest release v0.24 of `flexi_logger`. It is using a fixed version of `chrono`, which also means that we don't have a dependency on `time` anymore. Closed #18.
Due to https://rustsec.org/advisories/RUSTSEC-2020-0159, it wasn't possible to get the local time in multi-threaded contexts. This was fixed with the latest release v0.24 of `flexi_logger`. It is using a fixed version of `chrono`, which also means that we don't have a dependency on `time` anymore. Closes #18.
Due to https://rustsec.org/advisories/RUSTSEC-2020-0159, it wasn't possible to get the local time in multi-threaded contexts. This was fixed with the latest release v0.24 of `flexi_logger`. It is using a fixed version of `chrono`, which also means that we don't have a dependency on `time` anymore. Closes #17, #18.
Due to https://rustsec.org/advisories/RUSTSEC-2020-0159, it wasn't possible to get the local time in multi-threaded contexts. This was fixed with the latest release v0.24 of `flexi_logger`. It is using a fixed version of `chrono`, which also means that we don't have a dependency on `time` anymore. Fixes #17. Closes #18.
@paulip1792 I've opened #19 with a fix. |
Due to https://rustsec.org/advisories/RUSTSEC-2020-0159, it wasn't possible to get the local time in multi-threaded contexts. This was fixed with the latest release v0.24 of `flexi_logger`. It is using a fixed version of `chrono`, which also means that we don't have a dependency on `time` anymore. Fixes #17. Closes #18.
@paulip1792 I've merged my PR into master. As you also provided a PR. Do you have a way to test the current master branch out if it works as expected? That would be appreciated. |
@vmx It works fine as expected. |
@paulip1792 Thanks for testing, I've released it as 0.1.7. |
chrono
has fixed its vulnerability since v4.2.0Fix #17