[Bug]: Fix cargo audit issue on chrono in Rust examples #4100

Closed
ysaito1001 opened this issue Dec 15, 2022 · 3 comments

@ysaito1001
Contributor

Expected behavior

Examples should be error-free when run against cargo audit. There has been a PR in aws-sdk-rust that attempts to remove cargo audit's --ignore flags for RUSTSEC-2020-0071 and RUSTSEC-2020-0159. When cargo audit runs as part of CI for the PR, the check should pass, saying that no issues have been found.

Actual behavior

In the said PR, the following examples have been reported in CI to depend upon the chrono crate that can cause potential segfaults (per RUSTSEC-2020-0071). A cargo dependency tree leading to the issue looks as follows:

```
Dependency tree:
time 0.1.45
└── chrono 0.4.23
    ├── cognitoidentity-code-examples 0.1.0
    └── aws-smithy-types-convert 0.52.0
        ├── sitewise-code-examples 0.1.0
        ├── sagemaker-code-examples 0.1.0
        ├── cognitosync-code-examples 0.1.0
        ├── cognitoidentityprovider-code-examples 0.1.0
        ├── cognitoidentity-code-examples 0.1.0
        └── apigateway-code-examples 0.1.0
```

These examples should update their dependencies so that they do not depend on the chrono crate. An example fix can be found here. Ensure that cargo audit runs in CI so that the check runs against all of the submitted PRs.

This issue is currently blocking the PR from being merged into the main branch.

Steps to reproduce

1. Clone the `aws-doc-sdk-examples` repository
2. `cd` into `rust_dev_preview`
3. Run `rm Cargo.lock; cargo audit`, which should generate the report that appeared in CI

Logs / stacktrace (if applicable)

No response

Which SDK were you using?

Rust

Which OS were you using?

macOS

SDK version

No response

OS version

No response
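
The inverted tree in the report above can be derived from `Cargo.lock` itself by walking reverse dependencies from the flagged crate. The following is an added example, not code from the issue or the repository; the sample lockfile and the `dependents_of` helper are constructed for illustration, and the result includes intermediate crates as well as the examples.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Constructed Cargo.lock-style sample (trimmed); "unaffected-example" is hypothetical.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "aws-smithy-types-convert"
dependencies = ["chrono"]
[[package]]
name = "chrono"
dependencies = [
 "time 0.1.45",
]
[[package]]
name = "cognitoidentity-code-examples"
dependencies = ["aws-smithy-types-convert", "chrono"]
[[package]]
name = "time"
[[package]]
name = "unaffected-example"
dependencies = ["serde"]
"#;

/// Every package in `lock` that reaches `target` through its dependencies.
fn dependents_of(lock: &str, target: &str) -> BTreeSet<String> {
    let mut users: BTreeMap<String, Vec<String>> = BTreeMap::new(); // dep -> direct users
    let (mut pkg, mut in_deps) = (String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(rest) = line.strip_prefix("name = ") {
            pkg = rest.trim_matches('"').to_string();
        }
        in_deps |= line.starts_with("dependencies = [");
        if in_deps {
            // Odd pieces of a split on '"' are the entries; keep the name token,
            // since an entry may read "name version" when the name is ambiguous.
            for entry in line.split('"').skip(1).step_by(2) {
                let dep = entry.split(' ').next().unwrap_or("").to_string();
                users.entry(dep).or_default().push(pkg.clone());
            }
            in_deps = !line.ends_with(']');
        }
    }
    // Breadth of the walk: follow "who uses this?" edges until nothing new appears.
    let (mut seen, mut todo) = (BTreeSet::new(), vec![target.to_string()]);
    while let Some(dep) = todo.pop() {
        for user in users.get(&dep).into_iter().flatten() {
            if seen.insert(user.clone()) { todo.push(user.clone()); }
        }
    }
    seen
}

fn main() { println!("{:?}", dependents_of(SAMPLE_LOCK, "time")); }
```
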

@brmur
Contributor

brmur commented Dec 15, 2022

@DavidSouther to investigate

@github-actions

github-actions bot commented Jan 6, 2023

Marked stale by the Shirriff. Notifying @awsdocs/aws-sdk-docs-code-maintainers

@DavidSouther
Contributor

DavidSouther commented Jan 19, 2023

There are a few crates, including SDK crates, that depend on Chrono 0.4.23 (the latest). This depends on a chrono update (or migrating off chrono).

Blocked on chronotope/chrono#602
and awslabs/aws-sdk-rust#646
