Bump the chrono dependency to 0.4.20

Arnavion / k8s-openapi

Rust definitions of the resource types in the Kubernetes client API

Apache License 2.0

373 stars 42 forks source link

Bump the chrono dependency to 0.4.20 #124

Closed flavio closed 1 year ago

flavio commented 1 year ago

This is the latest release of chrono, which fixes the RUSTSEC-2020-0159 security issue.

Arnavion commented 1 year ago

There's no need for k8s-openapi to artificially enforce a higher version. It still compiles against older chrono. If a binary author wants a higher version because of the CVE, they would enforce it via their own lockfile.