cmdln/medallion
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
56 commits 1 branch 0 tags 95 KiB
Commit graph

8 commits

Author SHA1 Message Date
Vincent Ambo 025b143d88 Replace usage of chrono with time crate 
The time crate is the underlying crate which chrono uses for its
various operations.

Unfortunately, chrono is unmaintained and older versions of the time
crate have security vulnerabilites[0] which are unfixed in chrono[1].

The medallion code does not use any chrono-specific features and all
uses of it could be trivially replaced with the underlying time
structs.

Note that this change adds calls to `expect`. Where these calls are
made, the previous chrono functions also panicked internally if
out-of-range values were passed.

We noticed this issue while doing a similar refactoring in a program
that also uses medallion[2].

[0]: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
[1]: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
[2]: https://cl.tvl.fyi/c/depot/+/5311
 2022-02-19 08:29:40 -05:00
Thomas Gideon 4776132e51 Migrated to anyhow and chrono from failure and time crates. 2020-06-22 11:52:53 -04:00
Thomas Gideon 7fcae534f2
Switch to failure (#6) 
* Switch to failure

* Bump version
 2018-11-16 17:28:01 -05:00
Thomas Gideon 1b594ff60e
Add defaults for generic parameters (#5) 2018-08-05 12:03:58 -04:00
Thomas Gideon aac6d9f7b5 Lints and formatting 2018-03-12 09:43:57 -04:00
Thomas Gideon f1db24606b Upgrade to Serde 1.0 (#2) 
* Bump openssl
* Fix naive code that was breaking serde 1.0
 2017-05-01 13:38:04 -04:00
Thomas Gideon 0aa3aa6faa Verify not before and expiration claims, if present 2017-04-05 16:33:39 -04:00
Thomas Gideon 3c9fd6b13b Refactor header claims (#1) 
Simplify customization, bump to 2.0.0.
 2017-03-07 14:03:24 -05:00