Coding And The Ravages Of Time

2022-09-03 00:45:35 PDT (last update 2022-09-06 21:56:47 PDT)

I'm very much into Rust programming (the language, not the video game) these days. The language seems kind of for real, and has some nice properties.

Back in December 2016 I participated in Advent of Code 2016. This was my second time doing AoC, I think, and I did it in Rust. This was about two years after Rust went 1.0, but it was already a very viable language. I ended up with this repository, which has over the years become one of my highest-starred Github repos.

Today I glanced at the repo for some reason and noticed that Dependabot, Github's security checker, had scattered many, many security advisories over my code. This is easy for Dependabot to do with Rust, since the libraries used all come from one place — crates.io — and security stuff is tracked really well.

security messages in a git repo

Even though a lot of these security warnings were redundant, this was still a bit alarming. I decided to see what I could do to bring my code up to 2022 standards, and eliminate the possible security issues in the process.

The good news is that this was ridiculously easier than in any other language I've worked with. Rust tools just automate the heck out of it. I eventually ended up shell-scripting most of the work. I brought all the code up to 2022 Edition, fixed all the warnings, and replaced a cryptography crate that was stale and vulnerable.

I also tried, as an experiment, just doing the minimum automated upgrades to keep things going. That was even easier, but of course I like the nicer result.

When I contrast this with my experiences with Haskell, Go, C and C++, it's just night and day. Rust is really a nice language.