crate-ci / cargo-release / 21728818860
9%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 24
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 9.333% (+0.04%) from 9.293%
21728818860

push

github

web-flow 
chore(deps): Update Rust crate time to v0.3.47 [SECURITY] (#934)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [time](https://time-rs.github.io)
([source](https://redirect.github.com/time-rs/time)) | dependencies |
patch | `0.3.46` → `0.3.47` |

### GitHub Vulnerability Alerts

####
[CVE-2026-25727](https://redirect.github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc)

### Impact

When user-provided input is provided to any type that parses with the
RFC 2822 format, a Denial of Service attack via stack exhaustion is
possible. The attack relies on formally deprecated and rarely-used
features that are part of the RFC 2822 format used in a malicious
manner. Ordinary, non-malicious input will never encounter this
scenario.

### Patches

A limit to the depth of recursion was added in v0.3.47. From this
version, an error will be returned rather than exhausting the stack.

### Workarounds

Limiting the length of user input is the simplest way to avoid stack
exhaustion, as the amount of the stack consumed would be at most a
factor of the length of the input.

---

### Release Notes

<details>
<summary>time-rs/time (time)</summary>

###
[`v0.3.47`](https://redirect.github.com/time-rs/time/blob/HEAD/CHANGELOG.md#0347-2026-02-05)

[Compare
Source](https://redirect.github.com/time-rs/time/compare/v0.3.46...v0.3.47)

##### Security

- The possibility of a stack exhaustion denial of service attack when
parsing RFC 2822 has been
eliminated. Previously, it was possible to craft input that would cause
unbounded recursion. Now,
the depth of the recursion is tracked, causing an error to be returned
if it exceeds a reasonable
  limit.

This attack vector requires parsing user-provided input, with any type,
using the RFC 2822 format.

##### Compatibility

- Attempting to format a value with a well-known format (i.e. RFC 3339,
RFC 2822, or ISO 8601) will
error at compile time if the type being formatted does ... (continued)

231 of 2475 relevant lines covered (9.33%)

0.14 hits per line

Jobs
ID Job ID Ran Files Coverage
1 21728818860.1 24
9.33
 GitHub Action Run
Source Files on build 21728818860