minor-skulk.git - a firefox accounts server that does sync and nothing more

	Commit message (Collapse)	Author	Age	Files	Lines
*	update dependencies ∴ version 0.1.1	pennae	2023-10-15	1	-256/+279
\|
*	update for lots of crates	pennae	2023-07-27	1	-623/+642
\|
*	update for remove_dir_all advisory	pennae	2023-03-07	1	-159/+168
\| \| \| \| \| \| \| \| \| \| \| \|	shouldn't have much impact on us, but let's be safe. Crate: remove_dir_all Version: 0.5.3 Title: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Date: 2023-02-24 ID: RUSTSEC-2023-0018 URL: https://rustsec.org/advisories/RUSTSEC-2023-0018 Solution: Upgrade to >=0.8.0
*	update dependencies	pennae	2023-02-04	1	-772/+683
\| \| \| \| \| \|	a few were vulnerable according to cargo-audit, but none of it would've mattered for us (probably). time is still vulnerable, but that really doesn't matter.
*	update dependencies	pennae	2022-08-10	1	-142/+209
\|
*	remove dependency on chrono	pennae	2022-07-25	1	-2/+3
\| \| \| \| \| \|	prompted by a cargo audit run. time works just as well and is better maintained. web-push still uses chrono, but from the looks of things it won't be affected.
*	remove zeroize dependency	pennae	2022-07-17	1	-1/+0
\| \| \| \| \| \| \| \|	this is not so much a problem as a possible source of false security for the readers. all secret keys we handle are serialized in some form, and those serialization buffers are not zeroed out after use. zeroing our raw buffers doesn't help much in that case, using a zero-on-free allocator would be much more helpful.
*	initial import	pennae	2022-07-13	1	-0/+3269