Security advisory: please release with upgraded time dependency

[getreu]

Solution: Solution: Upgrade time to >=0.2.23

See dependency tree below cargo audit:

Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── chrono 0.4.19
    ├── tp-note 1.17.0
    ├── tera 1.15.0
    │   └── tp-note 1.17.0
    └── chrono-tz 0.6.1
        └── tera 1.15.0

[djc]

See #602.

[cristicbz]

@djc The currently released version also calls locatime_r directly (https://docs.rs/chrono/0.4.19/src/chrono/sys/unix.rs.html#84), so even without the oldtime feature, I think this is still affected by the CVE---is there a blocker to cutting a new release without the localtime_r call?

If there's interest, I could try to backport minimal changes to 0.4.19 to remove the localtime_r call?

[djc]

See #602.

[djc]

Sorry, I meant #674.