olliemath / chronoutil

ChronoUtil module provides powerful extensions to Rust's Chrono crate.
MIT License

chore: drop `time 0.1` dependency (RUSTSEC-2020-0071) #3

Closed Logarithmus closed 1 year ago

Logarithmus commented 1 year ago

We use your crate for our project and it pulls in the vulnerable time 0.1 crate. Now chrono has made this dependency optional, but unfortunately it's still among the default dependencies for backwards compatibility. See https://rustsec.org/advisories/RUSTSEC-2020-0071.html
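For readers who want to see what the transitive pull looks like in practice, here is an added Cargo.toml illustration (not from this PR or the chronoutil repository). It contrasts a dependency declaration that keeps chrono's default feature set, and therefore its optional `oldtime` feature backed by time 0.1, with one that opts out of the defaults and enables only the features a typical library needs. The `oldtime`/`clock`/`std` feature names are chrono 0.4.2x names; the `0.4.24` lower bound is the one this thread later settles on and is assumed here.

```toml
# --- Weak: default features stay on, so the optional "oldtime" feature ---
# --- is enabled and time 0.1 (RUSTSEC-2020-0071) lands in Cargo.lock. ---
[dependencies]
chrono = "0.4"

# --- Corrected: opt out of the defaults and pick features explicitly. ---
# "clock" gives Local/Utc::now(), "std" gives the std-backed types;
# "oldtime" is deliberately left out, so time 0.1 is never resolved.
# The 0.4.24 floor is an assumption taken from this thread (Duration: Hash).
[dependencies]
chrono = { version = "0.4.24", default-features = false, features = ["clock", "std"] }
```

After switching to the second form, confirm nothing else in the graph still drags the old crate in with `cargo tree -i time@0.1`; an empty result means the advisory no longer applies to the build, and `cargo audit` (mentioned later in this thread) will stop reporting it.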

Logarithmus commented 1 year ago

@olliemath I know you are not active on GitHub, but I still hope you'll find a free minute for my humble PR :)

olliemath commented 1 year ago

Hi @Logarithmus thanks for flagging this - I've been on vacation, hence the delay in getting back to you.

As a side-note: what are you using (if anything) for scanning the dependencies in your projects?

olliemath commented 1 year ago

This looks good to me - clippy is unhappy because chrono has deprecated Date (presumably as dates with timezones don't make much sense).

Will remove support for Date in an upcoming 0.3 release - and open a separate PR to skip the failing lines for now.

olliemath commented 1 year ago

Not sure why the pipeline builds are passing actually - locally they fail with this change (i.e. I can't run cargo build, cargo test etc.), which will delay any release until I can fix

olliemath commented 1 year ago

Ah I see - the chrono team made their own Duration type hashable in 0.4.24 (and locally Cargo was failing with a cached 0.4.19), so releasing this will require the dependency to be ^0.4.24 rather than 0.4.

olliemath commented 1 year ago

@Logarithmus you should be able to use 0.2.4 without pulling any extra dependencies now

Logarithmus commented 1 year ago

@olliemath thank you so much for merging this! This is the power of FOSS!

Logarithmus commented 1 year ago

@olliemath for vulnerability scan use https://lib.rs/cargo-audit