augustuswm
commented
1 year ago Thanks for adding this. I'll work on getting the remaining clients updated so they no longer activate the feature.
Closed matt-phylum closed 1 year ago
augustuswm
commented
1 year ago Thanks for adding this. I'll work on getting the remaining clients updated so they no longer activate the feature.
chrono 0.4, for legacy reasons, has a dependency on time 0.1. time 0.1 has the potential for CVE-2020-26235.
This dependency can be avoided by turning off the default features. The build succeeds after changing this and disabling the Google clients (which use another library that brings in the default features I'm trying to avoid) so it looks like the other features were not being used directly here.