search

Drakulix / simplelog.rs

Simple Logging Facility for Rust
https://docs.rs/simplelog/
Apache License 2.0
423 stars 71 forks source link

Chrono and time need an update #94

Closed okynos closed 2 years ago

okynos commented 2 years ago

Hello!

First of all, thanks for create and maintain this crate. I use it on my software called FIM

I have detected that some crates are in a low version and have segfaults. I used cargo-audit and it shows the following:

Crate:         chrono
Version:       0.4.19
Title:         Potential segfault in `localtime_r` invocations
Date:          2020-11-10
ID:            RUSTSEC-2020-0159
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:      No safe upgrade is available!
Dependency tree:
chrono 0.4.19
└── simplelog 0.11.2
    └── fim 0.2.1

Crate:         time
Version:       0.1.43
Title:         Potential segfault in the time crate
Date:          2020-11-18
ID:            RUSTSEC-2020-0071
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:      Upgrade to >=0.2.23
Dependency tree:
time 0.1.43
└── chrono 0.4.19
    └── simplelog 0.11.2
        └── fim 0.2.1

Could we update this dependencies? I can open a PR if you wish.

Link to the Chrono issue https://github.com/chronotope/chrono/issues/499

Thanks!

Drakulix commented 2 years ago

Hello 👋, thanks for reporting this, but I think it is a duplicate of https://github.com/Drakulix/simplelog.rs/issues/89

I'll try to decide on a course of action soon and take some steps to mitigate this problem.

In the meantime, you may join the discussion in the other issue or subscribe to get notified, when the issue gets closed/resolved.