feat: pin to working protos version, add lockfile (#124)

* feat: pin to working protos version, remove chrono dependency A patch release of the protos contained a breaking change. This pins to a version of the client protos that this library will compile successfully against. Also in this PR, github found a security vulnerability in the `time` library that `chrono` depended on. There is no new version of chrono that isn't pinned to a vulnerable version of `time`. We also don't really need to force a dependency on chrono on our users. To all of those ends, this commit removes the chrono dep in favor of the stdlib SystemTime.
momentohq · Feb 15, 2023 · 77e254d · 77e254d
1 parent d9c1ebb
commit 77e254d
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 18 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,7 +18,7 @@ members = [
 exclude = [ "example" ]
 
 [dependencies]
-momento-protos = { version = "0.42" }
+momento-protos = { version = "=0.42.4" }
 log = "0.4.17"
 hyper = { version = "0.14" }
 h2 = { version = "0.3" }
@@ -27,7 +27,6 @@ jsonwebtoken = "8.0.1"
 rand = "0.8.5"
 serde = {version = "1.0", features = ["derive"] }
 serde_json = "1.0.79"
-chrono = {version = "0.4.19", features = ["serde"] }
 thiserror = "1.0.38"
 
 [dev-dependencies]

diff --git a/src/response/create_signing_key_response.rs b/src/response/create_signing_key_response.rs
@@ -1,5 +1,5 @@
-use chrono::Utc;
 use serde::{Deserialize, Serialize};
+use std::time::SystemTime;
 
 /// The results of a singing key operation.
 #[derive(Debug, Serialize, Deserialize)]
@@ -9,7 +9,7 @@ pub struct MomentoCreateSigningKeyResponse {
  /// Key itself
  pub key: String,
  /// When the key expires
- pub expires_at: chrono::DateTime<Utc>,
+ pub expires_at: SystemTime,
  /// Endpoint for creating a pre-signed url
  pub endpoint: String,
 }
diff --git a/src/response/list_signing_keys_response.rs b/src/response/list_signing_keys_response.rs
@@ -1,11 +1,11 @@
-use chrono::Utc;
 use serde::{Deserialize, Serialize};
+use std::time::SystemTime;
 
 /// Response signing key for list of signing keys.
 #[derive(Debug, Serialize, Deserialize)]
 pub struct MomentoSigningKey {
  pub key_id: String,
- pub expires_at: chrono::DateTime<Utc>,
+ pub expires_at: SystemTime,
  pub endpoint: String,
 }
 

diff --git a/src/simple_cache_client.rs b/src/simple_cache_client.rs
@@ -1,4 +1,3 @@
-use chrono::{DateTime, NaiveDateTime, Utc};
 use momento_protos::{
  cache_client::scs_client::*,
  cache_client::*,
@@ -11,7 +10,7 @@ use serde_json::Value;
 use std::convert::TryFrom;
 use std::iter::FromIterator;
 use std::ops::RangeBounds;
-use std::time::Duration;
+use std::time::{Duration, UNIX_EPOCH};
 use std::{
  collections::{HashMap, HashSet},
  convert::TryInto,
@@ -395,11 +394,7 @@ impl SimpleCacheClient {
  let response = MomentoCreateSigningKeyResponse {
  key_id: kid.as_str().expect("'kid' not a valid str").to_owned(),
  key: res.key,
- expires_at: DateTime::<Utc>::from_utc(
- NaiveDateTime::from_timestamp_opt(res.expires_at as i64, 0)
- .expect("couldn't parse from timestamp"),
- Utc,
- ),
+ expires_at: UNIX_EPOCH + Duration::from_secs(res.expires_at),
  endpoint: self.data_endpoint.clone(),
  };
  Ok(response)
@@ -465,11 +460,7 @@ impl SimpleCacheClient {
  .iter()
  .map(|signing_key| MomentoSigningKey {
  key_id: signing_key.key_id.to_string(),
- expires_at: DateTime::<Utc>::from_utc(
- NaiveDateTime::from_timestamp_opt(signing_key.expires_at as i64, 0)
- .expect("couldn't parse timestamp from signing key"),
- Utc,
- ),
+ expires_at: UNIX_EPOCH + Duration::from_secs(signing_key.expires_at),
  endpoint: self.data_endpoint.clone(),
  })
  .collect();