The Utc::now RUSTSEC #38
Description
cargo audit runs such as this one:
https://github.com/dan-fritchman/Layout21/pull/35/checks?check_run_id=10213135939
Have been turning up this advisory about the chrono crate:
https://rustsec.org/advisories/RUSTSEC-2020-0071.html
In which, if you do some fun multi-threaded environment-variable fiddling, it crashes, or sends your credit card numbers to North Korea, or something. After #35 our only usage of chrono, and really any time-related stuff, is calling its now function to get a creation-time for new Librarys. The now function is among those effected by the RUSTSEC.
Rooting around the issue, it appears there's no workaround, and the author is not really supporting the chrono crate. Of all those facts, the last seems the most concerning.
There does not appear to be an obvious, popular replacement for this. The standard library's SystemTime::now returns the integer (seconds, nanoseconds) in the epoch, which would need to be converted into (year, month, day, hour, minute, second) for formats that shall remain nameless, such as GDSII.