search

EventStore / EventStoreDB-Client-Rust

Rust EventStoreDB gRPC Client
MIT License
50 stars 13 forks source link

remove default-features for the crate 'chrono' #160

Closed jcornaz closed 1 year ago

jcornaz commented 1 year ago

Fixed: No longer transitively depend on time 0.1

Hi,

eventstore is depending on chrono with default features enabled, which transitively depends on the crate time 0.1 that has a known vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26235

But, as far as I can see, eventstore does not need the oldtime feature enabled by default by chrono, and could therefore remove the transitive dependency on the vulnerable crate time 0.1 by disabling the default features of chrono.

YoEight commented 1 year ago

Thanks @jcornaz for your contribution and sorry for just spotting your PR.