chrono insecurly uses localtime_r

RUSTSEC-2020-0159 is about chrono calling localtime_r. Right now there is no safe version, see this issue: chronotope/chrono#499
jonasbb · Oct 18, 2021 · 7a9dffe · 7a9dffe
1 parent d91731b
commit 7a9dffe
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -1,7 +1,9 @@
 [advisories]
 ignore = [
-    # difference is unmaintained, is a dependency of pretty_assertions
-    "RUSTSEC-2020-0095",
+    # chrono: Potential segfault in `localtime_r` invocations
+    # chrono is an optional depenency, so we can ignore the warning.
+    # Right now there is no safe version of chrono to upgrade to.
+    "RUSTSEC-2020-0159",
 ]
 # warn for categories of informational advisories
 informational_warnings = [