Upgrade time dependency (via cookie) (#2555)

CHANGES.md

@@ -2,9 +2,9 @@
 
 ## Unreleased - 2021-xx-xx
 ### Changed
+- `actix-web` has upgraded to `cookie` 0.16. This removes `actix-web`'s dependency on a version of `time` that was affected by RUSTSEC-2020-0071. `actix-web` still depends on a vulnerable version of `chrono` via `rcgen`, but `rcgen` is only used as a dev dependency therefore this does not affect end users.
 - Minimum supported Rust version (MSRV) is now 1.54.
 
-
 ## 4.0.0-beta.17 - 2021-12-29
 ### Added
 - `guard::GuardContext` for use with the `Guard` trait. [#2552]

Cargo.toml

@@ -84,7 +84,7 @@ actix-web-codegen = "0.5.0-beta.6"
 ahash = "0.7"
 bytes = "1"
 cfg-if = "1"
-cookie = { version = "0.15", features = ["percent-encode"], optional = true }
+cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 derive_more = "0.99.5"
 encoding_rs = "0.8"
 futures-core = { version = "0.3.7", default-features = false }

awc/CHANGES.md

@@ -1,7 +1,8 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
-
+### Changed
+- `awc` has upgraded to `cookie` 0.16. This removes `awc`'s dependency on a version of `time` that was affected by RUSTSEC-2020-0071. `awc` still depends on a vulnerable version of `chrono` via `rcgen`, but `rcgen` is only used as a dev dependency therefore this does not affect end users.
 
 ## 3.0.0-beta.16 - 2021-12-29
 - `*::send_json` and `*::send_form` methods now receive `impl Serialize`. [#2553]

awc/Cargo.toml

@@ -85,7 +85,7 @@ serde_json = "1.0"
 serde_urlencoded = "0.7"
 tokio = { version = "1.8.4", features = ["sync"] }
 
-cookie = { version = "0.15", features = ["percent-encode"], optional = true }
+cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 
 tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
 tls-rustls = { package = "rustls", version = "0.20.0", optional = true, features = ["dangerous_configuration"] }