Replace usage of chrono with time crate

The time crate is the underlying crate which chrono uses for its
various operations.

Unfortunately, chrono is unmaintained and older versions of the time
crate have security vulnerabilites[0] which are unfixed in chrono[1].

The medallion code does not use any chrono-specific features and all
uses of it could be trivially replaced with the underlying time
structs.

Note that this change adds calls to `expect`. Where these calls are
made, the previous chrono functions also panicked internally if
out-of-range values were passed.

We noticed this issue while doing a similar refactoring in a program
that also uses medallion[2].

[0]: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
[1]: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
[2]: https://cl.tvl.fyi/c/depot/+/5311
This commit is contained in:
Vincent Ambo 2022-02-18 13:18:40 +03:00 committed by Thomas Gideon
parent 970f33d596
commit 025b143d88
3 changed files with 21 additions and 25 deletions

View file

@ -21,4 +21,4 @@ openssl = "~0.10.15"
serde = { version = "^1.0.114", features = [ "derive" ] }
serde_json = "^1.0.55"
anyhow = "^1.0.31"
chrono = "~0.4.11"
time = "~0.3"