-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump time to 0.3 #578
Bump time to 0.3 #578
Conversation
I understand that people are busy, but is there any chance that this PR in particular could be expedited? 🙏 Due to the linked CVE, |
cc @quodlibetor , would you like to take some time to review it? |
cargo-audit just started failing because of this. |
Who knew one crate could do so much damage... 😆 |
Currently going through the process of depending on this PR with a workspace patch, and it's breaking a fair amount of downstream dependencies too due to the API breaking changes in When (if?) this merges, should probably be a bump to 0.5 |
I'll message the owner to see what we can do about this. You may temporarily switch to this PR by putting the following in your [patch.crates-io]
chrono = { git = "https://github.com/timvisee/chrono", branch = "time-0.3" } Edit: this doesn't fully fix it according to this, as |
FWIW I pinged him on Twitter with the PR |
Hi! Sorry about being AWOL ((now looking for additional help maintaining chrono)[https://www.reddit.com/r/rust/comments/qamgyh/comment/hh6h36h/?utm_source=reddit&utm_medium=web2x&context=3]). Unfortunately |
CI should run if you rebase on main. |
Also waiting for chronotope/chrono#578
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel due to yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files, so they have been hardcoded as separate steps. An alternative that works is to use a matrix variable to run each directory in a separate job. I opted not to do that because it uses a bunch of runners and generates a lot of jobs, but open to feedback. Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
Adds cargo-deny to scan for vulnerabilities and license issues regarding rust crates. Some modifications were required for the repo to pass the tests: Updates ttrpc to avoid using nix 0.16.0 https://rustsec.org/advisories/RUSTSEC-2021-0119 Updates slog-json to avoid MLP license (copyleft) Updates crossbeam-channel because 0.52.0 was a yanked package Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071 because chrono is dependent on that version of time. chronotope/chrono#578 Allow multiple versions of the same package (package dependencies require this) Adds "oci" to src/libs workplace Adds Apache-2.0 license to workplace modules that did not have them because cargo-deny complains about them not having licenses. Notes GitHub Actions does not have an obvious way to loop over each of the Cargo.toml files. To avoid hardcoding it, I worked around the problem using a composite action that first generates the cargo-deny action by finding all Cargo.toml files before calling this new generated action in the master workflow. Fixes kata-containers#3359 Signed-off-by: Derek Lee <derlee@redhat.com>
135: RUSTSEC-2020-0071 and RUSTSEC-2020-0159: Potential segfault in localtime_r invocations r=foresterre a=foresterre Time crate has been updated, but we depend on chrono and are waiting for it to update. The PR is open but the maintainer seems unresponsive. For now, we'll wait a bit as it's actually very unlikely for the segfault to take place, and, the impact on cargo-msrv is not significant. In time, we may want to replace chrono, assuming it's unmaintained. ref chronotope/chrono#578 Co-authored-by: Martijn Gribnau <garm@ilumeo.com>
Fixes #553, #567
This updates the
time
dependency to0.3
. The crate has been refactored to followtime
API changes.This includes not-yet-merged changes made in #567.
Tasks:
time
to0.3
when released (see Time v0.3 tracking issue time-rs/time#248)time
API changesnaive::date::tests::test_date_add
(failing case)naive::datetime::tests::test_datetime_add
(failing case)