fix: replace chrono with time for security vuln fix

chrono depends on an old version of the time crate, which is vulnerable
to CVE-2020-26235. Replace everything with the updated time crate -- we
don't need all the functionality from the chrono crate anyway.

release-helper/Cargo.toml

@@ -9,7 +9,7 @@ license-file = "LICENSE"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-chrono = "0.4.26"
+time = { version = "0.3.23", features = ["formatting", "local-offset", "macros"] }
 clap = { version = "4.3.10", features = ["derive"] }
 regex = "1.8.4"
 semver = "1.0.17"

release-helper/src/main.rs

@@ -1,9 +1,9 @@
-use chrono::prelude::Local;
 use clap::{Parser, Subcommand};
 use std::fs;
 use std::io::BufReader;
 use std::process::Command;
 use std::{io::BufRead, path::Path};
+use time::{format_description::FormatItem, OffsetDateTime};
 
 use semver::Version;
 
@@ -15,6 +15,9 @@ const VERSION: &str = env!("CARGO_PKG_VERSION");
 const CHANGELOG_FILE_NAME: &str = "CHANGELOG.md";
 const VERSION_FILE_NAME: &str = "version.txt";
 
+// Define timestamp format
+const TIMESTAMP_FORMAT: &[FormatItem] = time::macros::format_description!("[year]-[month]-[day]");
+
 #[derive(Parser, Debug)]
 #[command(name = "shipper-release")]
 #[command(author = "Eric Park <me@ericswpark.com>")]
@@ -96,9 +99,10 @@ fn check_running_directory() -> bool {
 }
 
 fn today_iso8601() -> String {
-    let today = Local::now();
+    let today =
+        OffsetDateTime::now_local().expect("Could not determine the UTC offset on this system!");
 
-    today.format("%Y-%m-%d").to_string()
+    today.format(TIMESTAMP_FORMAT).unwrap()
 }
 
 fn generate_changelog(major: bool, minor: bool, patch: bool) {