matthiasbeyer (Contributor)
Closes #30

Not sure whether this is everything it needs, but it's a start, I guess.

dscottboggs (Owner) commented Dec 29, 2022

First, thanks for noticing that vulnerable dependency. How did you notice that, and how can I check for that in the future? Is there a CI for this? If you don't know right away, that's ok, we can make an issue and I'll look into it when I have a chance.

Second, thanks for working this up. It works as written, for now. I tested it using the print_your_profile example, as-is in the repo and also by replacing the print call with serde_json::to_writer(stdout().lock(), &you);. If this is what we need to do for now to drop a serious vulnerability, we can merge it. That said, a couple notes:

  • According to the time docs:

    • serde-well-known (implicitly enables serde-human-readable)

    This feature flag is deprecated and will be removed in a future breaking release. Use the serde-human-readable feature instead.

    Enables support for serializing and deserializing well-known formats using serde’s #[with] attribute.

    Is there no other solution/crate for serializing and, more importantly, deserializing ISO 8601 or RFC 3339 dates? I was under the impression chrono was a very widely used dependency; do you have any more information on why such a widely used dependency is itself not up-to-date, or more context about what specific vulnerability is present in time 0.1 and how severe or relevant it is?

  • The JSON-serialized output is like "+002022-11-17T00:00:00.000000000Z", would like to not have all those zeroes, but like...better to have that than a serious vulnerability.

  • clippy's complaining about the order of the use statements.

Also wanted to say, I like the human-readable format output by this.

matthiasbeyer (Contributor, Author) commented Dec 29, 2022

> How did you notice that, and how can I check for that in the future?

In my repository, I got a CVE warning from dependabot (as dependabot is enabled in this repo, it should pop up some time in the future). So I followed the dependency chain and came from my crate to this, to chrono, to time.

> Is there no other solution/crate for serializing and, more importantly, deserializing ISO 8601 or RFC 3339 dates?

time offers both. This patch removes chrono and goes for time in 0.3, which isn't vulnerable.
That should be enough, I guess. From what I found in the mastodon API docs, iso8601 is used... I hope I didn't miss anything there.

> serde-well-known [...] This feature flag is deprecated

Ah, I will file a patch shortly. Done.

> clippy's complaining about the order of the use statements.

Ah, I will fix this as well... Done. I'm bad at running all the checks locally before submitting, sorry about that!

> Also wanted to say, I like the human-readable format output by this.

What should I change?
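A complementary check to the Dependabot alert described above, added here as an example and not part of this PR or the repository: a GitHub Actions workflow that runs cargo audit against Cargo.lock so that a vulnerable transitive dependency such as time 0.1 fails CI (workflow, job and step names are assumptions).

```yaml
name: cargo-audit

on:
  push:
    paths: ["Cargo.toml", "Cargo.lock"]
  pull_request:
  schedule:
    # Advisories are usually published after the dependency was merged,
    # so re-check the unchanged lock file on a schedule, not only on pushes.
    - cron: "0 6 * * *"

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked
      - name: Audit Cargo.lock against the RustSec advisory database
        # Exits non-zero on any advisory and prints the dependency tree,
        # i.e. the same chain the PR author followed by hand
        # (this crate -> chrono -> time 0.1).
        run: cargo audit
```

The scheduled run is the part Dependabot does not replace in a quiet repository: it catches advisories filed against a lock file nobody has touched since.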

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
@dscottboggs dscottboggs merged commit 5832111 into dscottboggs:main Dec 29, 2022
@matthiasbeyer matthiasbeyer deleted the replace-chrono branch December 29, 2022 19:02
Successfully merging this pull request may close these issues.

Replace chrono dependency