Closed alekspickle closed 1 year ago
Can it even happen in practice in jsonwebtoken? I'd rather not yank 3 years old version at this point
Well I mean, that's your decision anyway - to enforce onto users or don't.
I checked out the 7.2.0 and it uses Utc::now
which is included in advisory case.
I totally get that not all maintainers are eager to yank all impacted old versions though.
It's just not all devs know about cargo audit
, especially new ones.
Anyway, I'll leave you to it, thanks for a quick response!
I was just wondering does it makes sense to yank 7.2.0 version from crates.io because it depends on a time crate version with a potential segfault issue?