search

fdeantoni / prost-wkt

Prost Well-Known-Types serialization and deserialization.
Apache License 2.0
76 stars 35 forks source link

Remove dependency on deprecated time crate #31

Closed HHelmius closed 1 year ago

HHelmius commented 1 year ago

Background

The chrono version used here still supplies the oldtime feature, see here for more information. It therefore depends on the deprecated time crate which contains a possible segfault.

When running cargo audit on this projects or others implementing it you therefore get a warning.

Crate:     time
Version:   0.1.45
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.23
    ├── prost-wkt-types 0.3.4
    │   └── prost-wkt-example 0.3.4
    ├── prost-wkt-example 0.3.4
    └── prost-wkt 0.3.4
        ├── prost-wkt-types 0.3.4
        └── prost-wkt-example 0.3.4

error: 1 vulnerability found!

Changes in this PR

To avoid the import of the oldtime feature all default features in chrono have been disabled. While the other features could be enabled again they appear not to be used. Getting rid of them has the additional benefit of reducing the size of this crate heavily.

Testing done with these changes

No testing produced any errors

fdeantoni commented 1 year ago

This is great! Many thanks for putting this PR together! One of the checks did fail though:

error[E0599]: no function or associated item named `now` found for struct `chrono::Utc` in the current scope
[131](https://github.com/fdeantoni/prost-wkt/actions/runs/3704928878/jobs/6280513293#step:6:132)
Error:   --> example/src/main.rs:14:30
[132](https://github.com/fdeantoni/prost-wkt/actions/runs/3704928878/jobs/6280513293#step:6:133)
   |
[133](https://github.com/fdeantoni/prost-wkt/actions/runs/3704928878/jobs/6280513293#step:6:134)
14 |         timestamp: Some(Utc::now().into()),
[134](https://github.com/fdeantoni/prost-wkt/actions/runs/3704928878/jobs/6280513293#step:6:135)
   |                              ^^^ function or associated item not found in `chrono::Utc`

Perhaps chrono::Utc::now() is part of a feature that needs to be enabled in the example/Cargo.toml?

HHelmius commented 1 year ago

Thanks for taking a look! I see i missed the workspace flag when running testing. My mistake.

It seems like chrono::Utc is part of the clock module, so I added that back just like you said.