Closed flavio closed 1 year ago
There's no need for k8s-openapi to artificially enforce a higher version. It still compiles against older chrono. If a binary author wants a higher version because of the CVE, they would enforce it via their own lockfile.
This is the latest release of chrono, which fixes the RUSTSEC-2020-0159 security issue.