Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace parse_duration with humantime #2074

Merged
merged 1 commit into from
Jun 3, 2024

Conversation

nc7s
Copy link
Contributor

@nc7s nc7s commented Jun 1, 2024

The former is no longer maintained, with a long standing security advisory (RUSTSEC-2021-0041). The latter has 4M monthly downloads and no dependency.

Checks

  • I am happy for maintainers to push small adjustments to this PR, to speed up the review cycle
  • I have checked that there are no existing pull requests for the same thing

The former is no longer maintained, with a long standing security
advisory (RUSTSEC-2021-0041).
Copy link
Member

@ellie ellie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Although the reasoning to switch isn't that strong imo

  • humantime has had no commits in a similar time frame (3yrs)
  • parse_duration's CVE is applicable when parsing untrusted input, which we do not do

Happy to switch to something more widely used though

@ellie ellie merged commit b0b1d07 into atuinsh:main Jun 3, 2024
14 checks passed
@ellie
Copy link
Member

ellie commented Jun 3, 2024

Seeing as this is your first time contributing, if you would like a holographic contributors-only Atuin sticker, then please fill out this form!

We do also have a Discord if you'd like to ask any questions, or just fancy hanging out!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants