Drakulix / simplelog.rs

Simple Logging Facility for Rust
https://docs.rs/simplelog/
Apache License 2.0

RUSTSEC-2020-0159 #89

Closed extrawurst closed 2 years ago

extrawurst commented 2 years ago

Projects using simplelog are currently affected by RUSTSEC-2020-0159. There is also current discussion in the chrono repo about fixing the situation there: chronotope/chrono#499.

Still I was wondering how much of the chrono features simplelog actually relies on? chrono is based on time and the latter caught up a lot on most of the same features chrono provides. Is it an option to cut out the chrono dependency entirely like many other crates do these days and use time directly?

Drakulix commented 2 years ago

chrono is currently used to get the current date (UTC and Local) as well as custom formatting of the printed time string. (see https://github.com/Drakulix/simplelog.rs/search?q=chrono)

If that sounds like something that time can also provide, I would accept a PR replacing chrono. But right now - although I understand that this is rather critical for some people - I just do not have the capacity to do this on my own.

extrawurst commented 2 years ago

The more I investigated this the more I doubt switching to time will help, it currently simply returns Err every time you want to convert between UTC and Local or just read out the local time zone :(

Drakulix commented 2 years ago

If you open up any issues over at the time-repository, that can be used to track if this behavior is fixed, please link them here (like you did with the chrono issue). This way, I can easily keep monitoring the situation.

extrawurst commented 2 years ago

Just stumbled over this: https://www.reddit.com/r/rust/comments/qs7l6p/psa_the_time_crate_once_again_supports_obtaining

here is a tracking issue: https://github.com/time-rs/time/issues/380

tuesdaycodes commented 2 years ago

@Drakulix per https://github.com/chronotope/chrono/pull/639 chrono seems to be unmaintained and won't be fixed. https://github.com/time-rs/time/issues/380 ref by @extrawurst seems to be merged and time updated quite a bit.

Will simplelog be updated soon to remove the insecure and unmaintained chrono crate?

extrawurst commented 2 years ago

It really depends on how chrono is used though. If we do not rely on timezones the time-rs fix does the trick, otherwise the problem is that the time-rs 'fix' will error if you ask for a localtime (piecing this together from memory, but it had limitations)
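The two things simplelog needs from a time library, according to the maintainer's comment above, are the current time (UTC and local) and formatting of the printed timestamp, and the comment directly above notes that time's local-offset lookup may return Err. The following is an added example, not simplelog's code and not the `time` crate's API: it uses only the Rust standard library, captures the local offset exactly once at construction (the probe closure stands in for a lookup such as time's `now_local`, and it is assumed to be called on the main thread before any other thread exists), and falls back to UTC with a `Z` suffix whenever that lookup fails instead of panicking or silently printing a wrong zone. Date arithmetic uses Howard Hinnant's civil-from-days algorithm so the output can be checked against known epoch values.

```rust
// Added example (not simplelog's or time's code): a std-only timestamp
// formatter that records the local UTC offset once and falls back to UTC
// when the offset cannot be determined soundly.
use std::time::{SystemTime, UNIX_EPOCH};

/// Error returned when the local UTC offset cannot be determined safely.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct IndeterminateOffset;

/// Time source for a logger. The decision "local or UTC" is made once at
/// construction; the offset is never re-read later from worker threads.
pub struct Clock {
    offset_secs: Option<i32>,
}

impl Clock {
    /// `probe` is a hypothetical stand-in for a local-offset lookup that may
    /// fail. Assumption: it is invoked before the program spawns any threads.
    pub fn new<F: FnOnce() -> Result<i32, IndeterminateOffset>>(probe: F) -> Self {
        Clock { offset_secs: probe().ok() }
    }

    /// True when a local offset was obtained; false means UTC fallback.
    pub fn is_local(&self) -> bool {
        self.offset_secs.is_some()
    }

    /// Current time as an RFC 3339 string in the chosen zone.
    pub fn now(&self) -> String {
        let secs = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map(|d| d.as_secs() as i64)
            .unwrap_or(0);
        format_rfc3339(secs, self.offset_secs)
    }
}

/// Days since 1970-01-01 -> (year, month, day), proleptic Gregorian.
/// Howard Hinnant's civil_from_days; valid for negative day counts too.
fn civil_from_days(days: i64) -> (i64, u32, u32) {
    let z = days + 719_468;
    let era = (if z >= 0 { z } else { z - 146_096 }) / 146_097;
    let doe = z - era * 146_097; // day of era [0, 146096]
    let yoe = (doe - doe / 1460 + doe / 36_524 - doe / 146_096) / 365; // [0, 399]
    let y = yoe + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of year, March-based
    let mp = (5 * doy + 2) / 153; // month index, 0 = March
    let d = (doy - (153 * mp + 2) / 5 + 1) as u32;
    let m = (if mp < 10 { mp + 3 } else { mp - 9 }) as u32;
    (if m <= 2 { y + 1 } else { y }, m, d)
}

/// Format a UNIX timestamp; `None` means "offset unknown, print UTC".
pub fn format_rfc3339(unix_secs: i64, offset_secs: Option<i32>) -> String {
    let local = unix_secs + offset_secs.unwrap_or(0) as i64;
    let days = local.div_euclid(86_400);
    let sod = local.rem_euclid(86_400); // seconds of day
    let (y, m, d) = civil_from_days(days);
    let (hh, mm, ss) = (sod / 3600, (sod % 3600) / 60, sod % 60);
    let zone = match offset_secs {
        None | Some(0) => "Z".to_string(),
        Some(o) => {
            let sign = if o < 0 { '-' } else { '+' };
            let a = o.abs();
            format!("{}{:02}:{:02}", sign, a / 3600, (a % 3600) / 60)
        }
    };
    format!("{:04}-{:02}-{:02}T{:02}:{:02}:{:02}{}", y, m, d, hh, mm, ss, zone)
}

fn main() {
    // Constructed probes: one that fails (UTC fallback) and one that succeeds.
    let utc_clock = Clock::new(|| Err(IndeterminateOffset));
    let cet_clock = Clock::new(|| Ok(3600));
    println!("local? {} -> {}", utc_clock.is_local(), utc_clock.now());
    println!("local? {} -> {}", cet_clock.is_local(), cet_clock.now());
}
```

The point of the `Option<i32>` captured at construction is that a logger which cannot get a sound local offset should degrade to UTC visibly (the `Z` suffix) rather than consult the environment again from arbitrary threads later.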

tuesdaycodes commented 2 years ago

Is that with the newest version of time?

Drakulix commented 2 years ago

Alright, I have replaced chrono with time on this branch: #95

Given that this causes some api breakage and is not entirely feature compatible with what simplelog did provide (unsoundly) with chrono, I will not put out a release right away, but ask everyone involved and watching to test and review the new changes.

For convenience this was also published as version 0.12.0-alpha1 on crates.io. When no new issues or suggestions pop up, this will be released as 0.12.0 shortly, but otherwise I will take the time needed to revise the api. Anyone with an immediate need to update may use the alpha version(s?) in the meantime.

Please continue the discussion on #95. (This issue will be kept open until this is resolved for better visibility, but discussion surrounding the new approach/implementation should be directed to the pull request.)

Drakulix commented 2 years ago

Fixed by #95