bee icon indicating copy to clipboard operation
bee copied to clipboard
verified publisher icon iotaledger

Tracking Issue for `chrono`/`time` fixes

Open Adam-Gleave opened this issue 4 years ago • 5 comments

This is a tracking issue for addressing #783 and #779.

Steps

  • [ ] Remove chrono as a direct dependency of Bee.
  • [ ] Update any dependencies that have subdependencies on chrono or an effected time version, if these have been patched with fixes.
  • [x] For dependencies that appear inactive, fork and patch them ourselves, and submit a PR to the maintainer.
  • [ ] Remove the advisories CI bypass

Adam-Gleave avatar Oct 20 '21 15:10 Adam-Gleave

tracing has merged a patch for this issue, but we are waiting on a release.

Adam-Gleave avatar Oct 20 '21 15:10 Adam-Gleave

Opened this PR for simple_asn1, which is used in jsonwebtoken.

(This has now been merged).

Adam-Gleave avatar Oct 20 '21 16:10 Adam-Gleave

Opened this PR for jsonwebtoken, now that simple_asn1 has had a new release, and tokio-console has merged dependency updates.

Adam-Gleave avatar Oct 28 '21 11:10 Adam-Gleave

Looks like a lot has been made regarding to the two security issues, but this tracking issue is not updated for a while.

jyhi avatar Nov 18 '21 16:11 jyhi

We're just waiting for dependencies to merge the PRs we did to fix these issues.

thibault-martinez avatar Nov 18 '21 16:11 thibault-martinez