chore: remove `time` 0.1 & fix RUSTSEC-2020-0071 (#7568)

`time` 0.1 suffers from [RUSTSEC-2020-0071] and many upstream crates have tried to remove it for years. The last dependency is 1. `chrono-english` 2. `chrono` (default features) 3. `chrono` (oldtime) 4. `time` 0.1 `chrono-english` doesn't seem to be super well maintained, but I couldn't find a nice replacement for it. Luckily the master branch of `chrono-english` is already fixed, so let's just directly use that. [RUSTSEC-2020-0071]: https://rustsec.org/advisories/RUSTSEC-2020-0071 Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2023-04-17 14:36:10 +02:00 · 2023-04-17 14:36:10 +02:00 · 808a13cf40
parent e7511c0f33
commit 808a13cf40
5 changed files with 7 additions and 32 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -791,20 +791,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b"
 dependencies = [
 "iana-time-zone",
- "js-sys",
 "num-integer",
 "num-traits",
 "serde",
- "time",
- "wasm-bindgen",
 "winapi",
 ]

 [[package]]
 name = "chrono-english"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f73d909da7eb4a7d88c679c3f5a1bc09d965754e0adb2e7627426cef96a00d6f"
+version = "0.1.6"
+source = "git+https://github.com/stevedonovan/chrono-english.git?rev=def5941ebee24b55e1174eb18ab33d91603f907a#def5941ebee24b55e1174eb18ab33d91603f907a"
 dependencies = [
 "chrono",
 "scanlex",
@ -2100,7 +2096,7 @@ checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
 dependencies = [
 "cfg-if",
 "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
 ]

 [[package]]
@ -3515,7 +3511,7 @@ checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9"
 dependencies = [
 "libc",
 "log",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
 "windows-sys 0.45.0",
 ]

@ -5736,17 +5732,6 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "time"
-version = "0.1.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a"
-dependencies = [
- "libc",
- "wasi 0.10.0+wasi-snapshot-preview1",
- "winapi",
-]
-
 [[package]]
 name = "tiny-keccak"
 version = "2.0.2"
@ -6404,12 +6389,6 @@ dependencies = [
 "try-lock",
 ]

-[[package]]
-name = "wasi"
-version = "0.10.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
-
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -116,6 +116,7 @@ license = "MIT OR Apache-2.0"
 [workspace.dependencies]
 arrow = { version = "37.0.0" }
 arrow-flight = { version = "37.0.0" }
+chrono-english = { git = "https://github.com/stevedonovan/chrono-english.git", rev = "def5941ebee24b55e1174eb18ab33d91603f907a" }
 datafusion = { git = "https://github.com/apache/arrow-datafusion.git", rev="ebb839068b9d99d3a3fea0a50a1e4baf4f1a5fca", default-features = false }
 datafusion-proto = { git = "https://github.com/apache/arrow-datafusion.git", rev="ebb839068b9d99d3a3fea0a50a1e4baf4f1a5fca" }
 hashbrown = { version = "0.13.2" }
--- a/deny.toml
+++ b/deny.toml
@ -7,11 +7,6 @@ yanked = "deny"
 unmaintained = "warn"
 notice = "warn"
 ignore = [
-    # title: Potential segfault in the time crate
-    # why needed: used by `chrono`
-    # upstream issue: https://github.com/chronotope/chrono/issues/553
-    "RUSTSEC-2020-0071",
-
    # potential unalinged read in atty
    # https://rustsec.org/advisories/RUSTSEC-2021-0145
    # Acceptable because only dependencies are dev/test (not used in prod code).
--- a/garbage_collector/Cargo.toml
+++ b/garbage_collector/Cargo.toml
@ -7,7 +7,7 @@ license.workspace = true

 [dependencies]
 chrono = { version = "0.4", default-features = false }
-chrono-english = "0.1.4"
+chrono-english = { workspace = true }
 clap = { version = "4", features = ["derive", "env"] }
 clap_blocks = { path = "../clap_blocks" }
 data_types = { path = "../data_types" }
--- a/iox_data_generator/Cargo.toml
+++ b/iox_data_generator/Cargo.toml
@ -9,7 +9,7 @@ license.workspace = true
 [dependencies]
 bytes = "1.4"
 chrono = { version = "0.4", default-features = false }
-chrono-english = "0.1.4"
+chrono-english = { workspace = true }
 clap = { version = "4", features = ["derive", "env", "cargo"] }
 datafusion_util = { path = "../datafusion_util" }
 futures = "0.3"