Scanning Cargo.lock for vulnerabilities (243 crate dependencies)
Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: No safe upgrade is available!
Dependency tree:
chrono 0.4.19
└── tiny_http 0.9.0
tiny_http 0.10.0 changelog:
chrono replaced with time-rs
chrono was only used to store and format DateTime into the slightly odd format required by RFC 7231, so to avoid the numerous RUSTSEC advisories generated by the localtime_r issue, we can just drop it entirely and switch to time-rs. Unfortunately this means we need to bump our minimum tested compiler version to 1.51, and as such this change requires a full minor release.
reason:
cargo audit
fails on tiny_httptiny_http 0.10.0
changelog:chrono
replaced withtime-rs