Bump time to 0.3 #578

Closed
wants to merge 10 commits into from

timvisee commented Jul 29, 2021

Fixes #553, #567

This updates the time dependency to 0.3. The crate has been refactored to follow time API changes.

This includes not-yet-merged changes made in #567.

Tasks:

clux commented Oct 11, 2021

I understand that people are busy, but is there any chance that this PR in particular could be expedited? 🙏

Due to the linked CVE, cargo-audit is about to hit the entire ecosystem.

PsiACE commented Oct 14, 2021

cc @quodlibetor, would you like to take some time to review it?

acim commented Oct 18, 2021

cargo-audit just started failing because of this.

Milo123459 (Member) commented

Who knew one crate could do so much damage... 😆

glittershark commented

Currently going through the process of depending on this PR with a workspace patch, and it's breaking a fair amount of downstream dependencies too due to the API breaking changes in time - so far I've got postgres and rinfluxdb at least, and there's likely much more.

When (if?) this merges, should probably be a bump to 0.5

timvisee (Author) commented Oct 18, 2021

I'll message the owner to see what we can do about this.

You may temporarily switch to this PR by putting the following in your Cargo.toml until this is resolved:

```toml
[patch.crates-io]
chrono = { git = "https://github.com/timvisee/chrono", branch = "time-0.3" }
```

Edit: this doesn't fully fix it according to this, as chrono itself has a similar problem.
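One way to check what a `[patch.crates-io]` override like the one above changed in the resolved graph, as an added example that is not code from this PR or from chrono: a std-only Rust scan of `Cargo.lock` text that lists which packages still depend on an old `time` release. Both lockfiles, all version numbers and the `legacy-dep` crate are constructed for illustration.

```rust
/// One `[[package]]` entry from a Cargo.lock file.
#[derive(Default)]
struct Package {
    name: String,
    version: String,
    deps: Vec<String>, // raw entries: "name" or "name version"
}

/// Strip whitespace, a trailing comma and surrounding quotes from a TOML value.
fn unquote(s: &str) -> String {
    s.trim().trim_end_matches(',').trim().trim_matches('"').to_string()
}

/// Minimal line-based reader for the regular layout cargo writes to Cargo.lock.
fn parse_lock(text: &str) -> Vec<Package> {
    let mut pkgs = Vec::new();
    let mut cur: Option<Package> = None;
    let mut in_deps = false;
    for raw in text.lines() {
        let line = raw.trim();
        if in_deps {
            if line == "]" {
                in_deps = false;
            } else if let Some(p) = cur.as_mut() {
                if !line.is_empty() {
                    p.deps.push(unquote(line));
                }
            }
            continue;
        }
        if line.starts_with('[') {
            // Any table header ends the current package entry.
            if let Some(p) = cur.take() {
                pkgs.push(p);
            }
            if line == "[[package]]" {
                cur = Some(Package::default());
            }
            continue;
        }
        if let Some(p) = cur.as_mut() {
            if let Some(v) = line.strip_prefix("name = ") {
                p.name = unquote(v);
            } else if let Some(v) = line.strip_prefix("version = ") {
                p.version = unquote(v);
            } else if line == "dependencies = [" {
                in_deps = true;
            }
        }
    }
    if let Some(p) = cur {
        pkgs.push(p);
    }
    pkgs
}

/// Direct dependents of `name` whose resolved version starts with `version_prefix`.
fn dependents_of(pkgs: &[Package], name: &str, version_prefix: &str) -> Vec<String> {
    let mut out = Vec::new();
    for p in pkgs {
        for d in &p.deps {
            let mut parts = d.split_whitespace();
            if parts.next() != Some(name) {
                continue;
            }
            // Cargo omits the version when only one version of the crate is locked.
            let ver = match parts.next() {
                Some(v) => v.to_string(),
                None => match pkgs.iter().find(|q| q.name == name) {
                    Some(q) => q.version.clone(),
                    None => continue,
                },
            };
            if ver.starts_with(version_prefix) {
                out.push(format!("{} {} -> {} {}", p.name, p.version, name, ver));
            }
        }
    }
    out
}

// Constructed lockfiles (source/checksum lines omitted). `legacy-dep` is hypothetical.
const LOCK_BEFORE: &str = "version = 3\n\n[[package]]\nname = \"app\"\nversion = \"0.1.0\"\ndependencies = [\n \"chrono\",\n \"legacy-dep\",\n]\n\n[[package]]\nname = \"chrono\"\nversion = \"0.4.19\"\ndependencies = [\n \"time\",\n]\n\n[[package]]\nname = \"legacy-dep\"\nversion = \"1.0.0\"\ndependencies = [\n \"time\",\n]\n\n[[package]]\nname = \"time\"\nversion = \"0.1.43\"\n";

const LOCK_AFTER: &str = "version = 3\n\n[[package]]\nname = \"app\"\nversion = \"0.1.0\"\ndependencies = [\n \"chrono\",\n \"legacy-dep\",\n]\n\n[[package]]\nname = \"chrono\"\nversion = \"0.4.19\"\ndependencies = [\n \"time 0.3.2\",\n]\n\n[[package]]\nname = \"legacy-dep\"\nversion = \"1.0.0\"\ndependencies = [\n \"time 0.1.43\",\n]\n\n[[package]]\nname = \"time\"\nversion = \"0.1.43\"\n\n[[package]]\nname = \"time\"\nversion = \"0.3.2\"\n";

fn main() {
    for (label, lock) in [("before patch", LOCK_BEFORE), ("after patch", LOCK_AFTER)] {
        println!("{label}:");
        for edge in dependents_of(&parse_lock(lock), "time", "0.1.") {
            println!("  {edge}");
        }
    }
}
```

In the constructed "after" lockfile the override moves chrono to the newer `time`, but the old release stays locked because another crate still requires it, so an audit of that lockfile would keep flagging it.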

Milo123459 (Member) commented

FWIW I pinged him on Twitter with the PR

quodlibetor (Contributor) commented

Hi! Sorry about being AWOL ([now looking for additional help maintaining chrono](https://www.reddit.com/r/rust/comments/qamgyh/comment/hh6h36h/?utm_source=reddit&utm_medium=web2x&context=3)).

Unfortunately time is part of the public API of Chrono. To update to time 0.3 we should add a time03 feature and leave the existing time feature and related code alone. If we do that, though, I would be happy to merge the resulting code.

quodlibetor (Contributor) commented

CI should run if you rebase on main.

bookinabox pushed a commit to bookinabox/kata-containers that referenced this pull request Jul 20, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding
rust crates.

Some modifications were required for the repo to pass the tests:

 Updates ttrpc to avoid using nix 0.16.0
   https://rustsec.org/advisories/RUSTSEC-2021-0119

 Updates slog-json to avoid MLP license (copyleft)

 Updates crossbeam-channel due to yanked package

 Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071
   because chrono is dependent on that version of time.
   chronotope/chrono#578

 Allow multiple versions of the same package
  (package dependencies require this)

 Adds "oci" to src/libs workplace

 Adds Apache-2.0 license to workplace modules that did not have them
 because cargo-deny complains about them not having licenses.

Notes
GitHub Actions does not have an obvious way to loop over each of the
Cargo.toml files, so they have been hardcoded as separate steps. An
alternative that works is to use a matrix variable to run each
directory in a separate job. I opted not to do that because it uses a
bunch of runners and generates a lot of jobs, but open to feedback.

Fixes kata-containers#3359

Signed-off-by: Derek Lee <[email protected]>
bookinabox pushed a commit to bookinabox/kata-containers that referenced this pull request Jul 21, 2022
Adds cargo-deny to scan for vulnerabilities and license issues regarding
rust crates.

Some modifications were required for the repo to pass the tests:

 Updates ttrpc to avoid using nix 0.16.0
   https://rustsec.org/advisories/RUSTSEC-2021-0119

 Updates slog-json to avoid MLP license (copyleft)

 Updates crossbeam-channel because 0.52.0 was a yanked package

 Ignores https://rustsec.org/advisories/RUSTSEC-2020-0071
   because chrono is dependent on that version of time.
   chronotope/chrono#578

 Allow multiple versions of the same package
  (package dependencies require this)

 Adds "oci" to src/libs workplace

 Adds Apache-2.0 license to workplace modules that did not have them
 because cargo-deny complains about them not having licenses.

Notes
GitHub Actions does not have an obvious way to loop over each of the
Cargo.toml files. To avoid hardcoding it, I worked around the problem
using a composite action that first generates the cargo-deny action by
finding all Cargo.toml files before calling this new generated action in
the master workflow.

Fixes kata-containers#3359

Signed-off-by: Derek Lee <[email protected]>
foresterre added a commit to foresterre/cargo-msrv that referenced this pull request Aug 1, 2022
135: RUSTSEC-2020-0071 and RUSTSEC-2020-0159: Potential segfault in localtime_r invocations r=foresterre a=foresterre

Time crate has been updated, but we depend on chrono and are waiting for it to update. The PR is open but the maintainer seems unresponsive. For now, we'll wait a bit as it's actually very unlikely for the segfault to take place, and the impact on cargo-msrv is not significant.
In time, we may want to replace chrono, assuming it's unmaintained.

ref chronotope/chrono#578

Co-authored-by: Martijn Gribnau <[email protected]>