We use the chrono package, which uses the time package. The time package has a vulnerability.

Vulnerabilities: GHSA-wcg3-cvx6-7396
Latest version: https://crates.io/crates/chrono (0.4.24)
Time 0.1.45 is deprecated: https://crates.io/crates/time/0.1.45

They (chrono) plan to release a new version, but the vulnerability was reported on Nov 18, 2020.

More info:

• Latest release 0.4.24 uses time:0.1.45 which has some vulnerabilities chronotope/chrono#1015
• CVE-2020-26235 advisory for time 0.1 dependency chronotope/chrono#602

Maybe we could try to disable some features to remove the dependency with the vulnerability.