Replace usage of chrono with time crate
The time crate is the underlying crate which chrono uses for its various operations. Unfortunately, chrono is unmaintained and older versions of the time crate have security vulnerabilites[0] which are unfixed in chrono[1]. The medallion code does not use any chrono-specific features and all uses of it could be trivially replaced with the underlying time structs. Note that this change adds calls to `expect`. Where these calls are made, the previous chrono functions also panicked internally if out-of-range values were passed. We noticed this issue while doing a similar refactoring in a program that also uses medallion[2]. [0]: https://rustsec.org/advisories/RUSTSEC-2020-0071.html [1]: https://rustsec.org/advisories/RUSTSEC-2020-0159.html [2]: https://cl.tvl.fyi/c/depot/+/5311
This commit is contained in:
Vincent Ambo
parent
970f33d596
commit
025b143d88
3 changed files with 21 additions and 25 deletions
|
|
@ -21,4 +21,4 @@ openssl = "~0.10.15"
|
|||
serde = { version = "^1.0.114", features = [ "derive" ] }
|
||||
serde_json = "^1.0.55"
|
||||
anyhow = "^1.0.31"
|
||||
chrono = "~0.4.11"
|
||||
time = "~0.3"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue