As can be seen here, cargo-audit fails due to a number of issues occurring lower in the crate dependency tree. Thus we cannot fix any of the issues directly by updating dependencies of Parsec (yet), but we might be able to help with updating our dependencies in that regard.
The main issue that must be fixed is the segfault that was discovered in time, which is ultimately a dependency of spiffe. Currently a fix for this is blocked because the PR attempting to bump the import in chrono is stalled (see here).
The other issues regarding yanked versions of const-oid and der are waiting for updates up in the chain, which end up feeding into spiffe again. Our plan of action should be to report this to the owner of spiffe, and whenever updates are available to help with patching them there.
As can be seen here,
cargo-auditfails due to a number of issues occurring lower in the crate dependency tree. Thus we cannot fix any of the issues directly by updating dependencies of Parsec (yet), but we might be able to help with updating our dependencies in that regard.The main issue that must be fixed is the segfault that was discovered in
time, which is ultimately a dependency ofspiffe. Currently a fix for this is blocked because the PR attempting to bump the import inchronois stalled (see here).The other issues regarding yanked versions of
const-oidandderare waiting for updates up in the chain, which end up feeding intospiffeagain. Our plan of action should be to report this to the owner ofspiffe, and whenever updates are available to help with patching them there.timedependency fixedderandconst-oiddependencies fixed