AlexanderThaller / prometheus_exporter

Helper library to export prometheus metrics using tiny_http and rust-prometheus.
MIT License

Switch tiny_http version to 0.10 #25

Closed gadost closed 2 years ago

gadost commented 2 years ago

reason: cargo audit fails on tiny_http

Scanning Cargo.lock for vulnerabilities (243 crate dependencies)
Crate:         chrono
Version:       0.4.19
Title:         Potential segfault in `localtime_r` invocations
Date:          2020-11-10
ID:            RUSTSEC-2020-0159
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:      No safe upgrade is available!
Dependency tree: 
chrono 0.4.19
└── tiny_http 0.9.0

tiny_http 0.10.0 changelog:

chrono replaced with time-rs

chrono was only used to store and format DateTime into the slightly odd format required by RFC 7231, so to avoid the numerous RUSTSEC advisories generated by the localtime_r issue, we can just drop it entirely and switch to time-rs. Unfortunately this means we need to bump our minimum tested compiler version to 1.51, and as such this change requires a full minor release.
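The changelog's point about the RFC 7231 date format, as an added example (not code from tiny_http or from this crate): a std-only formatter that builds the IMF-fixdate string with UTC arithmetic alone, so no local-time lookup is involved. The function name `imf_fixdate` is hypothetical.

```rust
// Added example: IMF-fixdate (RFC 7231, section 7.1.1.1) from a UNIX timestamp.
// Only integer arithmetic on UTC seconds is used; nothing reads the local timezone.
use std::time::{SystemTime, UNIX_EPOCH};

// 1970-01-01 was a Thursday, so index 0 is "Thu".
const DAYS: [&str; 7] = ["Thu", "Fri", "Sat", "Sun", "Mon", "Tue", "Wed"];
const MONTHS: [&str; 12] = [
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
];

/// Hypothetical helper: seconds since the UNIX epoch -> HTTP date string.
pub fn imf_fixdate(unix_secs: u64) -> String {
    let days = unix_secs / 86_400;
    let secs = unix_secs % 86_400;
    let (h, m, s) = (secs / 3_600, (secs % 3_600) / 60, secs % 60);

    // Days since epoch -> proleptic Gregorian date (days-to-civil algorithm,
    // with the year shifted to start on 1 March so the leap day falls last).
    let z = days + 719_468;
    let era = z / 146_097;
    let doe = z % 146_097; // day of 400-year era
    let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of shifted year
    let mp = (5 * doy + 2) / 153; // month index, 0 = March
    let day = doy - (153 * mp + 2) / 5 + 1;
    let month = if mp < 10 { mp + 3 } else { mp - 9 };
    let year = yoe + era * 400 + if month <= 2 { 1 } else { 0 };

    format!(
        "{}, {:02} {} {:04} {:02}:{:02}:{:02} GMT",
        DAYS[(days % 7) as usize],
        day,
        MONTHS[(month - 1) as usize],
        year, h, m, s
    )
}

fn main() {
    let now = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .expect("system clock is before 1970")
        .as_secs();
    println!("Date: {}", imf_fixdate(now));
}
```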

AlexanderThaller commented 2 years ago

Thanks for the contribution!