Disable chrono default features to mitigate segfault potential in time crate

fpagliughi / rust-industrial-io

Rust interface to the Linux Industrial I/O subsystem

MIT License

45 stars 21 forks source link

Disable chrono default features to mitigate segfault potential in time crate #22

Closed twallis-geotab closed 1 year ago

twallis-geotab commented 2 years ago

Running cargo audit in this crate reveals that there is a potential segfault in time v0.1.44. This is caused by the chrono v0.4.19 dependency pulling in time v0.1.44 as part of its default features. This PR disables chrono's default features in dev-dependencies to get around the issue, as chrono has not updated its own time dependency yet.

fpagliughi commented 1 year ago

Hey, thanks for the PR. Sorry it took so long to get back to working on this crate.

fpagliughi commented 1 year ago

Ugh. This broke the examples. I had to back it out.

And the segfault isn't a big worry. The chrono dependency is only used in the example apps, not the library itself. But it might be cool to figure out an alternate way to format the time, if this is really an issue. Or push to get a fix upstream.