Upgrade zip to 2.1.3 and fix the vulnerability in it's dependency

lnx-search / lnx

⚡ Insanely fast, 🌟 Feature-rich searching. lnx is the adaptable, typo tollerant deployment of the tantivy search engine.

https://lnx.rs

MIT License

1.25k stars 46 forks source link

Upgrade zip to 2.1.3 and fix the vulnerability in it's dependency #150

Closed sunxiaoguang closed 4 months ago

sunxiaoguang commented 5 months ago

The dependency zip 0.5.13 depends on a crate with vulnerability. This PR upgrades it and makes necessary changes according to the new interface.

Crate:     time
Version:   0.1.45
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Severity:  6.2 (medium)
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── zip 0.5.13
    └── lnx 0.9.0

ChillFish8 commented 5 months ago

I think this is a reasonable change, although i'd like to remove the dependency later on, best to fix it for now.