From 695e288ccdbfd81049207d9e050423a61b466362 Mon Sep 17 00:00:00 2001 From: Alexey Zapparov Date: Fri, 16 Dec 2022 06:13:25 +0100 Subject: [PATCH] sec: Remove vulnerable time-0.1.x chrono dependency This dependency is optional for chrono and enabled by default for backward compatibility only. See: https://rustsec.org/advisories/RUSTSEC-2020-0071 See: https://github.com/chronotope/chrono/blob/v0.4.23/CHANGELOG.md#0416 --- .changeset/remove-time-dependency.md | 7 +++++++ Cargo.lock | 9 +-------- Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 .changeset/remove-time-dependency.md diff --git a/.changeset/remove-time-dependency.md b/.changeset/remove-time-dependency.md new file mode 100644 index 000000000..c2a19193a --- /dev/null +++ b/.changeset/remove-time-dependency.md @@ -0,0 +1,7 @@ +--- +"fnm": patch +--- + +Remove optional time-0.1.x chrono dependency. + +See: https://rustsec.org/advisories/RUSTSEC-2020-0071 diff --git a/Cargo.lock b/Cargo.lock index c8ad86ed9..65c81b1c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -275,7 +275,6 @@ dependencies = [ "js-sys", "num-traits", "serde", - "time 0.1.45", "wasm-bindgen", "winapi", ] @@ -737,7 +736,7 @@ checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -1968,12 +1967,6 @@ dependencies = [ "try-lock", ] -[[package]] -name = "wasi" -version = "0.10.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" - [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" diff --git a/Cargo.toml b/Cargo.toml index b9c3a135e..37939979d 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -12,7 +12,7 @@ description = "Fast and simple Node.js version manager"
 serde = { version = "1.0.166", features = ["derive"] }
 clap = { version = "4.3.10", features = ["derive", "env"] }
 serde_json = "1.0.100"
-chrono = { version = "0.4.26", features = ["serde"] }
+chrono = { version = "0.4.26", default-features = false, features = ["clock", "serde", "std", "wasmbind"] }
 tar = "0.4.38"
 xz2 = "0.1.7"
 node-semver = "2.1.0"
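Review bot: The new `chrono` line has no comment explaining why `default-features = false` is set, so a later manifest cleanup could restore the defaults and bring `time` 0.1.x back without anyone noticing. Going by the commit message, the explicit list looks like chrono's defaults minus the backward-compatibility feature (`oldtime`, if I read chrono 0.4's manifest correctly). A comment above the line would record that, for example `# chrono defaults minus "oldtime"; keeps time 0.1.x (RUSTSEC-2020-0071) out of the tree`. Cargo unifies features across the dependency graph, so any other crate that enables chrono's defaults would re-add the dependency regardless of this line. An advisory check in CI (`cargo audit` or `cargo deny check advisories`) would catch that regression.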