Switch from chrono to time
#61
Conversation
There is unsoundness in `chrono` (https://rustsec.org/advisories/RUSTSEC-2020-0159), and although we don't use the affected APIs, the advisory still fires. `time` ≥3 does not have this unsoundness, and supports almost‡ all the necessary APIs, so we can quite simply swap it out. Since the `chrono` types are used in some APIs, those signatures have had to change, making this a breaking change. Since it's already a breaking change, the feature is also renamed from `chrono` to `time`. ‡ `time` does not support leap seconds in their representation or parsing. In this commit, we simply ignore leap seconds, which also constitutes a breaking change since values with leap seconds will parse differently (they parse to the previous second).
|
So it looks like
Additionally, one of the change notes says:
The current MSRV for the latest I don't see any documentation for MSRV for this repo. The two sensible options seem to be:
|
Some optional dependencies, for example `time`, have a more strict MSRV than this crate. Rather than having to upgrade our MSRV or pin outdated versions of dependencies, we can instead explicitly exclude optional features from the MSRV. The test CI workflow has been updated to not run tests with features on MSRV.
|
I went ahead and added a commit taking the second approach (caveat the documented MSRV with "Optional feature flags that enable interoperability with third-party crates (e.g. Let me know if you'd prefer another approach. |
There was a problem hiding this comment.
Thanks for filing this PR! Some remarks
- the docs of the
from_datetimeandfrom_datetime_optanddatetimefunctions should be changed to mentionOffsetDateTimeinstead of datetime. - regarding the MSRV, I'm open towards increasing it to as recent as 1.51 to match the time crate, but then ideally yasna.rs itself also uses at least one feature that has been introduced by the respective version. The changes regarding MSRV from this PR are fine, just saying that this can be the subject of future PRs. Increasing the MSRV to older releases than 1.51 is also possible, there just needs to be a feature that is worth the change.
- the biggest issue I have with the PR is the missing handling of leap seconds. They still exist and even single seconds are treated seriously in the security domain. I'm not sure I can accept a PR that switches to a library that ignores leap seconds, but happy to hear input on this.
src/models/time.rs
Outdated
| @@ -671,7 +644,7 @@ fn test_generalized_time_parse() { | |||
|
|
|||
| let datetime = | |||
| GeneralizedTime::parse(b"19990101085960.1234+0900").unwrap(); | |||
| assert_eq!(&datetime.to_string(), "19981231235960.1234Z"); | |||
| assert_eq!(&datetime.to_string(), "19981231235959.1234Z"); | |||
There was a problem hiding this comment.
This is definitely not great.
|
Thanks for the feedback! I'll see what can be done regarding leap second handling. I didn't find much when searching the Good catch about the docs, I should review them more carefully. Regarding the MSRV, I think that makes sense. I'm inclined to leave it as-is in this PR, sadly not sure I'm able to go down the route of a more general upgrade. |
|
Re the leap seconds, I've opened an issue at: time-rs/time#377 . It seems that the time maintainers want proper handling instead of the improper one that the chrono crate has. |
There was a problem hiding this comment.
So I've thought about it a little, and it's definitely not great that round trip ability is hurt by this. Should the need arise (users complain or such), we can implement our own datatype and provide converters to the time formst.
I really hope future versions of the time crate support leap seconds and if so, we can enable them. Could you add TODOs to the test as well as to the place where we are ignoring leap seconds?
This is a better match for the `time` terminology.
This is a bit of hack until `time` has built-in support for leap seconds. When we detect a leap second in `GeneralizedTime`, we set the `is_leap_second` flag to true. When serializing to bytes, we check the flag and bump the seconds to 60 if it's set. A debug assert ensures we'll notice if the flag is set incorrectly.
|
I've pushed a couple of commits, one fixing the docs and another with a hack for round-tripping leap seconds. The hack brings back the previous test assertion, and I updated the documentation for If you'd prefer I can drop the hack and just document as TODO – I started with this before I noticed your last comment 😄 |
I'm interested in seeing rustls/rcgen#65 resolved, so thought I'd take a crack at replacing
chronowithtimehere to see if there was appetite to merge such a change.Overall the change was fairly mechanical, with
times API actually being a bit neater in the end, imo. The main limitation seems to be regarding leap seconds. For now I've gone for simply ignoring them. Another option would be to record it in theUTCTime/GeneralizedTimestructs themselves, so that it can be round-tripped in parsing/formatting (but would still not be recorded in the underlyingOffsetDateTime, exposed through thedatetime()method).Since
chronotypes were used in the API, this is a breaking API change. Since a breaking change was already necessary, I also changed the feature totime.I've tried to preserve the existing formatting, however some of it may have drifted to default
rustfmtstyle. Let me know if anything needs changed.