Layout21 icon indicating copy to clipboard operation
Layout21 copied to clipboard

Published 20 hours ago verified publisher icon dan-fritchman

The `Utc::now` RUSTSEC

Open dan-fritchman opened this issue 2 years ago • 1 comments

cargo audit runs such as this one:
https://github.com/dan-fritchman/Layout21/pull/35/checks?check_run_id=10213135939

Have been turning up this advisory about the chrono crate:
https://rustsec.org/advisories/RUSTSEC-2020-0071.html

In which, if you do some fun multi-threaded environment-variable fiddling, it crashes, or sends your credit card numbers to North Korea, or something. After #35 our only usage of chrono, and really any time-related stuff, is calling its now function to get a creation-time for new Librarys. The now function is among those effected by the RUSTSEC.

Rooting around the issue, it appears there's no workaround, and the author is not really supporting the chrono crate. Of all those facts, the last seems the most concerning.

There does not appear to be an obvious, popular replacement for this. The standard library's SystemTime::now returns the integer (seconds, nanoseconds) in the epoch, which would need to be converted into (year, month, day, hour, minute, second) for formats that shall remain nameless, such as GDSII.

dan-fritchman avatar Dec 20 '22 17:12 dan-fritchman

Looks like chrono is maintained again, so I think this can be closed.

nanobowers avatar Jul 17 '24 11:07 nanobowers