Aardwolf-Social / aardwolf

Powering connected social communities with open software.
GNU Affero General Public License v3.0

Banjofox/bump cargo versions 2023 07 18 #295

Closed BanjoFox closed 1 year ago

BanjoFox commented 1 year ago

About: Running cargo audit, I saw that there was one vulnerability (medium) that was picked up. Checked all of the Cargo.toml files, and bumped a few non-ructe versions to try to clear that up. Unfortunately, the package time is part of chrono, which is already at latest.

Testing: I did also do a cargo test --bin aardwolf-server to ensure that nothing else broke, and all tests came back OK.

Cargo audit output

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 554 security advisories (from /home/quixote/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (359 crate dependencies)
Crate:     time
Version:   0.1.45
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Severity:  6.2 (medium)
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.26
    ├── diesel 2.1.0
    │   ├── aardwolf-types 0.1.0
    │   │   ├── aardwolf-templates 0.1.0
    │   │   │   └── aardwolf-actix 0.1.0
    │   │   │       └── aardwolf 0.1.0
    │   │   └── aardwolf-actix 0.1.0
    │   ├── aardwolf-models 0.1.0
    │   │   ├── aardwolf-types 0.1.0
    │   │   ├── aardwolf-test-helpers 0.1.0
    │   │   │   └── aardwolf-types 0.1.0
    │   │   ├── aardwolf-templates 0.1.0
    │   │   └── aardwolf-actix 0.1.0
    │   └── aardwolf-actix 0.1.0
    ├── chrono-tz 0.8.3
    │   └── aardwolf-models 0.1.0
    └── aardwolf-models 0.1.0
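The dependency tree above is what decides whether a version bump in the project's own Cargo.toml files can clear an advisory: `cargo audit` prints the tree inverted, with the vulnerable crate at the root and its dependents below, so a fix is only in the project's hands when a workspace member sits at depth 1. Here the only depth-1 node is chrono 0.4.26, which is why bumping aardwolf crates could not remove time 0.1.45. The following Rust program is an added example, not code from the aardwolf project or from the PR author; it parses the plain-text `cargo audit` report (the `Key:   value` header lines and the box-drawing tree, as laid out above) and reports that verdict automatically. It goes slightly beyond the single advisory on this page by handling several `Crate:` sections in one report. The names `Advisory`, `parse_audit`, `blocked_by` and the embedded `REPORT` constant (the audit output copied from the PR) are this example's own; the list of workspace members is supplied by the caller rather than read from Cargo.toml.

```rust
//! Added example (not part of the aardwolf project): triage the plain-text
//! report that `cargo audit` prints. Assumes the `Key:   value` header lines
//! and the box-drawing dependency tree layout shown in the PR; the set of
//! workspace members is passed in by the caller.
use std::collections::HashSet;

/// One advisory as printed by `cargo audit`, plus the triage verdict.
#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub struct Advisory {
    pub id: String,
    pub crate_name: String,
    pub version: String,
    pub severity: String,
    pub solution: String,
    /// Crates that depend on the vulnerable crate directly (depth 1 of the
    /// inverted tree), as (name, version).
    pub direct_dependents: Vec<(String, String)>,
    /// True when at least one direct dependent is a workspace member, so a
    /// bump in the project's own Cargo.toml can apply the advised fix.
    pub fixable_in_workspace: bool,
}

impl Advisory {
    /// Third-party crates that stand between the workspace and the fix.
    pub fn blocked_by(&self) -> Vec<&str> {
        self.direct_dependents.iter().map(|(n, _)| n.as_str()).collect()
    }
}

/// Depth of a tree line: each 4-character group of `│   `, `├── `, `└── ` or
/// blanks is one level. Counted in chars, not bytes, because the box-drawing
/// glyphs are multi-byte in UTF-8.
fn tree_depth(line: &str) -> usize {
    line.chars().take_while(|c| !c.is_alphanumeric()).count() / 4
}

/// `name version` from a tree line with its prefix removed.
fn tree_node(line: &str) -> Option<(String, String)> {
    let body: String = line.chars().skip_while(|c| !c.is_alphanumeric()).collect();
    let mut parts = body.split_whitespace();
    Some((parts.next()?.to_string(), parts.next()?.to_string()))
}

pub fn parse_audit(report: &str, workspace: &HashSet<&str>) -> Vec<Advisory> {
    let mut out = Vec::new();
    let mut cur: Option<Advisory> = None;
    let mut in_tree = false;
    for line in report.lines() {
        // A new `Crate:` line starts the next advisory section.
        if let Some(name) = line.strip_prefix("Crate:") {
            if let Some(a) = cur.take() { out.push(a); }
            cur = Some(Advisory { crate_name: name.trim().to_string(), ..Default::default() });
            in_tree = false;
            continue;
        }
        let a = match cur.as_mut() { Some(a) => a, None => continue }; // preamble lines
        if in_tree {
            if line.trim().is_empty() { in_tree = false; continue; }
            if tree_depth(line) == 1 {
                if let Some(node) = tree_node(line) { a.direct_dependents.push(node); }
            }
            continue;
        }
        match line.split_once(':') {
            Some(("Version", v)) => a.version = v.trim().to_string(),
            Some(("ID", v)) => a.id = v.trim().to_string(),
            Some(("Severity", v)) => a.severity = v.trim().to_string(),
            Some(("Solution", v)) => a.solution = v.trim().to_string(),
            Some(("Dependency tree", _)) => in_tree = true,
            _ => {} // Title, Date, URL are not needed for the verdict
        }
    }
    if let Some(a) = cur.take() { out.push(a); }
    for a in &mut out {
        a.fixable_in_workspace = a.direct_dependents.iter().any(|(n, _)| workspace.contains(n.as_str()));
    }
    out
}

/// The `cargo audit` output copied from the PR above (not constructed).
pub const REPORT: &str = r#"    Scanning Cargo.lock for vulnerabilities (359 crate dependencies)
Crate:     time
Version:   0.1.45
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Severity:  6.2 (medium)
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.26
    ├── diesel 2.1.0
    │   ├── aardwolf-types 0.1.0
    │   │   └── aardwolf-actix 0.1.0
    │   └── aardwolf-actix 0.1.0
    ├── chrono-tz 0.8.3
    │   └── aardwolf-models 0.1.0
    └── aardwolf-models 0.1.0
"#;

pub const WORKSPACE: [&str; 6] = ["aardwolf", "aardwolf-actix", "aardwolf-models",
    "aardwolf-templates", "aardwolf-test-helpers", "aardwolf-types"];

fn main() {
    let ws: HashSet<&str> = WORKSPACE.iter().copied().collect();
    for a in parse_audit(REPORT, &ws) {
        println!("{} {} {} ({}): {}", a.id, a.crate_name, a.version, a.severity, a.solution);
        if a.fixable_in_workspace {
            println!("  fixable by bumping a workspace Cargo.toml");
        } else {
            println!("  blocked behind third-party crate(s): {}", a.blocked_by().join(", "));
        }
    }
}
```

For the report on this page the verdict is "blocked behind chrono", which is the conclusion the PR reached by hand. When the tool says blocked, the remaining options are to wait for the intermediate crate to drop the dependency, to check with `cargo tree -i time@0.1.45 -e features` whether a feature of the intermediate crate is what pulls it in and can be turned off, or to record an explicit, dated ignore under `[advisories] ignore = [...]` in `.cargo/audit.toml` with the reason written next to it, so the finding does not silently disappear from later audit runs.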