vectordotdev / vector

A high-performance observability data pipeline.
https://vector.dev
Mozilla Public License 2.0

RUSTSEC-2021-0073 Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic #8184

Closed jszwedko closed 1 year ago

jszwedko commented 3 years ago

error[A001]: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
    ┌─ /Users/jesse.szwedko/workspace/vector/Cargo.lock:484:1
    │
484 │ prost-types 0.7.0 registry+https://github.com/rust-lang/crates.io-index
    │ ----------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2021-0073
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0073
    = Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a `Timestamp` to `SystemTime`.

      It is recommended to upgrade to `prost-types` v0.8 and switch the usage of `From<Timestamp> for SystemTime` to `TryFrom<Timestamp> for SystemTime`.

      See [#438] for more information.

      [#438]: https://github.com/tokio-rs/prost/issues/438
    = Announcement: https://github.com/tokio-rs/prost/issues/438
    = Solution: Upgrade to >=0.8.0
    = prost-types v0.7.0
      ├── prometheus-parser v0.1.0
      │   └── vector v0.15.0
      ├── prost-build v0.7.0
      │   ├── (build) prometheus-parser v0.1.0 (*)
      │   ├── (build) pulsar v3.0.1
      │   │   └── vector v0.15.0 (*)
      │   ├── tonic-build v0.4.2
      │   │   └── (build) vector v0.15.0 (*)
      │   ├── (build) vector v0.15.0 (*)
      │   └── (build) vector_core v0.1.0
      │       └── vector v0.15.0 (*)
      ├── vector v0.15.0 (*)
      └── vector_core v0.1.0 (*)
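The advisory's recommended fix, a fallible `TryFrom<Timestamp> for SystemTime`, shown as an added example that is not prost's or vector's own code. `Timestamp` here is a constructed stand-in with the same two fields as `prost_types::Timestamp`, and the `TimestampOutOfSystemRange` error type is a name chosen for this example; prost-types 0.8 ships its own implementation.

```rust
use std::convert::TryFrom;
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Constructed stand-in for `prost_types::Timestamp`: the same two fields as
/// protobuf's `google.protobuf.Timestamp` (seconds since epoch, nanos 0..1e9).
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Timestamp {
    pub seconds: i64,
    pub nanos: i32,
}

/// Returned instead of panicking when a value cannot be represented.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct TimestampOutOfSystemRange(pub Timestamp);

impl TryFrom<Timestamp> for SystemTime {
    type Error = TimestampOutOfSystemRange;
    fn try_from(ts: Timestamp) -> Result<Self, Self::Error> {
        // A well-formed protobuf timestamp keeps nanos in [0, 999_999_999]. Anything
        // else came from a broken or hostile encoder: reject it rather than
        // "normalizing" it with arithmetic that can overflow.
        if !(0..=999_999_999).contains(&ts.nanos) {
            return Err(TimestampOutOfSystemRange(ts));
        }
        // `unsigned_abs` cannot overflow on i64::MIN (unlike `-ts.seconds`), and the
        // checked_* calls return None instead of panicking when this platform's
        // SystemTime cannot hold the result.
        let secs = Duration::from_secs(ts.seconds.unsigned_abs());
        let base = if ts.seconds >= 0 {
            UNIX_EPOCH.checked_add(secs)
        } else {
            UNIX_EPOCH.checked_sub(secs)
        };
        base.and_then(|t| t.checked_add(Duration::from_nanos(ts.nanos as u64)))
            .ok_or(TimestampOutOfSystemRange(ts))
    }
}

fn main() {
    // Constructed inputs: a sane value, the i64::MIN edge, and out-of-range nanos.
    let cases: [(i64, i32); 3] = [(1_600_000_000, 5), (i64::MIN, 0), (0, -1)];
    for (seconds, nanos) in cases {
        let ts = Timestamp { seconds, nanos };
        match SystemTime::try_from(ts) {
            Ok(t) => println!("{:?} -> {:?}", ts, t),
            Err(e) => println!("{:?} rejected: {:?}", ts, e),
        }
    }
}
```

Whether an extreme `seconds` value fits is platform-dependent (Linux holds i64 seconds, Windows does not), so the point is that the caller gets an `Err` to log or drop rather than a process abort.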
jszwedko commented 3 years ago

Waiting on:

jszwedko commented 1 year ago

Closing since the associated crates have been upgraded.