Skip to content
This repository has been archived by the owner on Apr 4, 2023. It is now read-only.

Get rid of chrono in favor of time #450

Merged
merged 1 commit into from
Feb 15, 2022
Merged

Get rid of chrono in favor of time #450

merged 1 commit into from
Feb 15, 2022

Conversation

irevoire
Copy link
Member

@irevoire irevoire commented Feb 15, 2022
edited
Loading

We only use chrono as a wrapper around time, and since there has been an open CVE on chrono for at least 3 months now and the repo seems to be struggling with maintenance, I think we should use time directly which is way more active and sufficient for our use case.

EDIT: Actually the CVE status has been known for more than 6 months: chronotope/chrono#602

Kerollmops
Kerollmops approved these changes Feb 15, 2022
View reviewed changes
Copy link
Member

@Kerollmops Kerollmops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks goooood to me @irevoire! Thank you!
bors merge

@bors
Copy link
Contributor

bors bot commented Feb 15, 2022

Build succeeded:

@bors bors bot merged commit 0885fcf into main Feb 15, 2022
@bors bors bot deleted the time branch February 15, 2022 11:23
@MabezDev MabezDev mentioned this pull request Feb 16, 2022
Closed
@AurelienFT AurelienFT mentioned this pull request Mar 4, 2022
Merged
bors bot added a commit to massalabs/massa that referenced this pull request Mar 8, 2022
@bors @AurelienFT
Merge #2376
4e3c498 
2376: Fix security audit - get rid of chrono and use time directly r=AurelienFT a=AurelienFT

Chrono still use a very old version of time (0.1 now it's 0.3). They have a PR running since months for updating but it seems that there is communication problems that lead to long time development. The PR : chronotope/chrono#639

This break our CI like a lot of others projects that use `cargo audit`. A lot of projects that use chrono to do things that are now implemented in the new version of `time` has switched to use `time` directly instead of using tokio. Some examples : 
- brave/brave-browser#20568
- meilisearch/milli#450

So as we also only use chrono to make things that now possible in `time` which is more maintained I suggest in this PR a change to use `time` instead of `chrono`. So that it will fix our CI and make us use a more maintained dependency.

Fix #2374 

Co-authored-by: AurelienFT <aurelien.foucault@epitech.eu>
@curquiza curquiza added the DB breaking The related changes break the DB label Mar 15, 2022
@0x2ec 0x2ec mentioned this pull request Dec 1, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Kerollmops Kerollmops Kerollmops approved these changes

Assignees
No one assigned
Labels
DB breaking The related changes break the DB
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@irevoire @Kerollmops @curquiza