in-toto / in-toto-rs

A Rust implementation of in-toto
MIT License

Resolve RUSTSEC-2020-0071 by removing time 0.1 dependency from chrono #52

Closed kpcyrd closed 1 year ago

kpcyrd commented 1 year ago

Also upgrades two dependencies

adityasaky commented 1 year ago

Thanks @kpcyrd! Side note, I just realized we don't have dependabot configured here.

kpcyrd commented 1 year ago

Thanks for the fast merge! :)

kpcyrd commented 1 year ago

hi! :D could you release a new version with this change (either 0.3.1 or 0.4.0)?

Thanks!

adityasaky commented 1 year ago

Hey @kpcyrd, I'll try and have 0.4.0 out soon. I just opened https://github.com/in-toto/in-toto-rs/pull/55. Is it okay to have that merged and dependencies bumped before the release?

kpcyrd commented 1 year ago

Yes sure :)

adityasaky commented 1 year ago

Hey @kpcyrd: https://github.com/in-toto/in-toto-rs/releases/tag/v0.3.1, https://crates.io/crates/in-toto

v0.3.1 is live!

kpcyrd commented 1 year ago

Thanks, running cargo update and pushing the new Cargo.lock has resolved my dependabot alert! :)
