qnighy / yasna.rs

ASN.1 library for Rust
Apache License 2.0
New release w/o chrono dep #63

Closed Ralith closed 2 years ago

Ralith commented 2 years ago

Can we get a new release with #61? I'd really love for my downstream CI to stop yelling at me about the CVE.

est31 commented 2 years ago

I'm a bit annoyed by the fact that this causes these warnings. yasna does not use the offending API of the chrono crate, but it does/did use the fact that chrono supports leap seconds. Lacking leap second support can introduce actual bugs to programs. So the CVE warning pushes yasna from one solution that has no issues to another solution that does have issues, worsening security, not helping with it.

Maybe we should just do our time handling ourselves, idk.

Ralith commented 2 years ago

Bump?

robjtede commented 2 years ago

+1 bump on release

est31 commented 2 years ago

Resolved now. See https://github.com/est31/rcgen/pull/66#issuecomment-1024929716 for why it took so long.