The 0.6.4 release bumped the MSRV to 1.88 by pinning time to 0.3.47 #40

Open
opened 2026-02-13 03:22:54 -08:00 by tillrohrmann · 2 comments
tillrohrmann commented 2026-02-13 03:22:54 -08:00 (Migrated from github.com)

The latest 0.6.4 release implicitly bumped the MSRV to 1.88 because it pinned the time dependency to 0.3.47. The change was introduced with https://github.com/acw/simple_asn1/commit/b40a5dcd970c8b15d20998bde7bf8fcf2be8e502. I am wondering whether this is strictly needed as our library is now failing to build with its MSRV of 1.85. Alternatively, we could think about announcing the MSRV of this library. That way cargo can pick an older version of simple_asn1 that satisfies the MSRV requirements.
acw commented 2026-02-23 20:12:40 -08:00 (Migrated from github.com)

Hey Til! Sorry about that. The update was due to a [security advisory](https://rustsec.org/advisories/RUSTSEC-2026-0009.html), and it doesn't look like there's a newer version to pin to. I think the best bet might be to have this library set its MSRV, then, unfortunately.
arckoor commented 2026-04-11 08:22:49 -07:00 (Migrated from github.com)

I'm also encountering this issue. Judging from the [advisory](https://github.com/advisories/GHSA-r6v5-fh4h-64xc) though, this is only relevant if you parse with the RFC 2822 format. I'm not intimately familiar with all the edge cases ASN.1 might have, but I at least failed to find any uses of `time::format_description::well_known::Rfc2822` in the code, so I'm wondering if the bump was even necessary?
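
A check a downstream CI job could run to catch this kind of implicit MSRV bump, as an added example that is not part of the thread or the simple_asn1 project: it reads JSON in the shape of `cargo metadata` output and reports packages whose declared `rust-version` exceeds the workspace MSRV, plus packages that declare none. The sample input is constructed from the versions named in the thread; `my_lib` and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `cargo metadata --format-version 1`
# output, trimmed to the fields used here. The versions and the 1.88
# requirement are modelled on the thread; "my_lib" is a hypothetical
# downstream crate with an MSRV of 1.85.
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"name": "my_lib", "version": "0.1.0", "rust_version": "1.85"},
        {"name": "simple_asn1", "version": "0.6.4", "rust_version": None},
        {"name": "time", "version": "0.3.47", "rust_version": "1.88"},
    ]
})


def parse_rust_version(text):
    """Turn '1.88' or '1.85.0' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def msrv_report(metadata_json, msrv):
    """Split packages into those that exceed `msrv` and those declaring none."""
    limit = parse_rust_version(msrv)
    too_new, undeclared = [], []
    for pkg in json.loads(metadata_json)["packages"]:
        label = f"{pkg['name']} {pkg['version']}"
        declared = pkg.get("rust_version")
        if declared is None:
            # No rust-version declared: cargo has nothing to resolve against,
            # so an MSRV bump inherited from a dependency stays invisible here.
            undeclared.append(label)
        elif parse_rust_version(declared) > limit:
            too_new.append(f"{label} (needs {declared})")
    return too_new, undeclared


if __name__ == "__main__":
    too_new, undeclared = msrv_report(SAMPLE_METADATA, "1.85")
    print("exceeds MSRV:", too_new)
    print("no rust-version declared:", undeclared)
```

In a real pipeline, pass the output of `cargo metadata --format-version 1` to `msrv_report` instead of the constructed sample.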