Closed Ralith closed 2 years ago
I'm a bit annoyed by the fact that this causes these warnings. yasna does not use the offending API of the chrono crate, but it does/did use the fact that chrono supports leap seconds. Lacking leap second support can introduce actual bugs to programs. So the CVE warning pushes yasna from one solution that has no issues to another solution that does have issues, worsening security not helping with it.
Maybe we should just do our time handling ourselves, idk.
Bump?
+1 bump on release
Resolved now. See https://github.com/est31/rcgen/pull/66#issuecomment-1024929716 for why it took so long.
Can we get a new release with #61? I'd really love for my downstream CI to stop yelling at me about the CVE.