From 18615ff591add26cc1dee50bf16e17fdcabd1621 Mon Sep 17 00:00:00 2001
From: Luca Palmieri
Date: Wed, 29 Dec 2021 10:31:50 +0100
Subject: [PATCH] Upgrade to the latest `cookie` release - this removes the dependency on a version of `time` that was affected by RUSTSEC-2020-0071. `actix-web` still depends on a vulnerable version of `chrono` via `rcgen`, but `rcgen` is only used as a dev dependency therefore this does not affect end users. This is a breaking change, because `cookie`'s types are exposed in the public API of `actix-web`.
---
 Cargo.toml | 2 +-
 awc/Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 1b85e8e75..8fcc6b007 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -84,7 +84,7 @@ actix-web-codegen = "0.5.0-beta.6"
 ahash = "0.7"
 bytes = "1"
 cfg-if = "1"
-cookie = { version = "0.15", features = ["percent-encode"], optional = true }
+cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 derive_more = "0.99.5"
 encoding_rs = "0.8"
 futures-core = { version = "0.3.7", default-features = false }
diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index 676a10895..e3a7346b8 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -85,7 +85,7 @@ serde_json = "1.0"
 serde_urlencoded = "0.7"
 tokio = { version = "1.8.4", features = ["sync"] }
-cookie = { version = "0.15", features = ["percent-encode"], optional = true }
+cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
 tls-rustls = { package = "rustls", version = "0.20.0", optional = true, features = ["dangerous_configuration"] }
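Review bot: Neither changed `cookie` line records why 0.16 is required, so a later edit could move the requirement back to a range that admits 0.15 with nothing in the manifest pointing at the advisory; this applies to the line in Cargo.toml and the identical one in awc/Cargo.toml. I would add a comment above each, for example `# 0.16+: drops the time release affected by RUSTSEC-2020-0071`. The manifests alone do not show the resolved dependency graph, so the claim in the description is worth confirming with `cargo audit` or `cargo tree -i time` against the updated lockfile, since another dependency may still select the old `time`.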