nanobowers
commented
2 months ago Looks like chrono is maintained again, so I think this can be closed.
Open dan-fritchman opened 1 year ago
nanobowers
commented
2 months ago Looks like chrono is maintained again, so I think this can be closed.
cargo auditruns such as this one:https://github.com/dan-fritchman/Layout21/pull/35/checks?check_run_id=10213135939
Have been turning up this advisory about the
chronocrate:https://rustsec.org/advisories/RUSTSEC-2020-0071.html
In which, if you do some fun multi-threaded environment-variable fiddling, it crashes, or sends your credit card numbers to North Korea, or something. After #35 our only usage of
chrono, and really any time-related stuff, is calling itsnowfunction to get a creation-time for newLibrarys. Thenowfunction is among those effected by the RUSTSEC.Rooting around the issue, it appears there's no workaround, and the author is not really supporting the
chronocrate. Of all those facts, the last seems the most concerning.There does not appear to be an obvious, popular replacement for this. The standard library's
SystemTime::nowreturns the integer (seconds, nanoseconds) in the epoch, which would need to be converted into (year, month, day, hour, minute, second) for formats that shall remain nameless, such as GDSII.