ctz
commented
4 days ago Thanks for the change!
This is unnecessary for two reasons:
- cargo's semver rules (see https://doc.rust-lang.org/cargo/reference/resolver.html#semver-compatibility) means
version = "0.23.4"here already covers 0.23.5 and later versions. Just runcargo update - this crate does not call the affected function
rustls-0.23.5 fix CVE-2024-32650, see https://nvd.nist.gov/vuln/detail/CVE-2024-32650
We need to bump it for security!