diff --git a/crates/chrono/RUSTSEC-2020-0159.md b/crates/chrono/RUSTSEC-2020-0159.md index 84d1a4ac0f..af8ff90f00 100644 --- a/crates/chrono/RUSTSEC-2020-0159.md +++ b/crates/chrono/RUSTSEC-2020-0159.md @@ -20,8 +20,26 @@ Unix-like operating systems may segfault due to dereferencing a dangling pointer ### Workarounds -No workarounds are known. +A possible workaround for crates affected through the transitive dependency in `chrono`, is to avoid using the default `oldtime` feature dependency of the `chrono` crate by disabling its `default-features` and manually specifying the required features instead. -### References +#### Examples: -- [time-rs/time#293](https://github.com/time-rs/time/issues/293) +`Cargo.toml`: + +```toml +chrono = { version = "0.4", default-features = false, features = ["serde"] } +``` + +```toml +chrono = { version = "0.4.22", default-features = false, features = ["clock"] } +``` + +Commandline: + +```bash +cargo add chrono --no-default-features -F clock +``` + +Sources: + - [chronotope/chrono#602 (comment)](https://github.com/chronotope/chrono/issues/602#issuecomment-1242149249) + - [vityafx/serde-aux#21](https://github.com/vityafx/serde-aux/issues/21) diff --git a/crates/time/RUSTSEC-2020-0071.md b/crates/time/RUSTSEC-2020-0071.md index cc1eeda40b..291a5b8ee3 100644 --- a/crates/time/RUSTSEC-2020-0071.md +++ b/crates/time/RUSTSEC-2020-0071.md @@ -72,26 +72,8 @@ Users of time 0.1 do not have a patch and should upgrade to an unaffected versio ### Workarounds -A possible workaround for crates affected through the transitive dependency in `chrono`, is to avoid using the default `oldtime` feature dependency of the `chrono` crate by disabling its `default-features` and manually specifying the required features instead. +No workarounds are known. -#### Examples: +### References -`Cargo.toml`: - -```toml -chrono = { version = "0.4", default-features = false, features = ["serde"] } -``` - -```toml -chrono = { version = "0.4.22", default-features = false, features = ["clock"] } -``` - -Commandline: - -```bash -cargo add chrono --no-default-features -F clock -``` - -Sources: - - [chronotope/chrono#602 (comment)](https://github.com/chronotope/chrono/issues/602#issuecomment-1242149249) - - [vityafx/serde-aux#21](https://github.com/vityafx/serde-aux/issues/21) +- [time-rs/time#293](https://github.com/time-rs/time/issues/293)