summaryrefslogtreecommitdiff
path: root/Cargo.lock
Commit message (Collapse)AuthorAgeFilesLines
* update dependencies ∴ version 0.1.1pennae2023-10-151-256/+279
|
* update for lots of cratespennae2023-07-271-623/+642
|
* update for remove_dir_all advisorypennae2023-03-071-159/+168
| | | | | | | | | | | | shouldn't have much impact on us, but let's be safe. Crate: remove_dir_all Version: 0.5.3 Title: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Date: 2023-02-24 ID: RUSTSEC-2023-0018 URL: https://rustsec.org/advisories/RUSTSEC-2023-0018 Solution: Upgrade to >=0.8.0
* update dependenciespennae2023-02-041-772/+683
| | | | | | a few were vulnerable according to cargo-audit, but none of it would've mattered for us (probably). time is still vulnerable, but that really doesn't matter.
* update dependenciespennae2022-08-101-142/+209
|
* remove dependency on chronopennae2022-07-251-2/+3
| | | | | | prompted by a cargo audit run. time works just as well and is better maintained. web-push still uses chrono, but from the looks of things it won't be affected.
* remove zeroize dependencypennae2022-07-171-1/+0
| | | | | | | | this is not so much a problem as a possible source of false security for the readers. all secret keys we handle are serialized in some form, and those serialization buffers are *not* zeroed out after use. zeroing our raw buffers doesn't help much in that case, using a zero-on-free allocator would be much more helpful.
* initial importpennae2022-07-131-0/+3269