From cb6cfde9a940bb815bd1f5b9bdd52e05a3212cc2 Mon Sep 17 00:00:00 2001 From: David Krasnitsky Date: Wed, 8 Feb 2023 16:08:26 +0200 Subject: [PATCH] Update RUSTSEC-2020-0071.md (#1591) --- crates/time/RUSTSEC-2020-0071.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/crates/time/RUSTSEC-2020-0071.md b/crates/time/RUSTSEC-2020-0071.md index e6dce46..e9d1655 100644 --- a/crates/time/RUSTSEC-2020-0071.md +++ b/crates/time/RUSTSEC-2020-0071.md @@ -71,4 +71,26 @@ Users of time 0.1 do not have a patch and should upgrade to an unaffected versio ### Workarounds -No workarounds are known. +A possible workaround for crates affected through the transitive dependency in `chrono`, is to avoid using the default `oldtime` feature dependency of the `chrono` crate by disabling its default-features and manually specifying the required features instead. + +#### Examples: + +`Cargo.toml`: + +```toml +chrono = { version = "0.4", default-features = false, features = ["serde"] } +``` + +```toml +chrono = { version = "0.4.22", default-features = false, features = ["clock"] } +``` + +Commandline: + +```bash +cargo add chrono --no-default-features -F clock +``` + +Sources: + - https://github.com/chronotope/chrono/issues/602#issuecomment-1242149249 + - https://github.com/vityafx/serde-aux/issues/21
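Review bot: The added Workarounds paragraph does not say that disabling default features only helps when no other crate in the dependency graph enables `chrono`'s default features. Cargo unifies features across the graph, so a single dependent that leaves the defaults on brings `oldtime` back. Suggest adding a sentence to that effect, plus a way to confirm the result, for example checking with `cargo tree` that time 0.1 no longer appears. The two `Cargo.toml` examples also use different version requirements (`"0.4"` and `"0.4.22"`) with no explanation; either use one consistently or state which `chrono` versions the workaround applies to. Minor: drop the comma after "in `chrono`", write "Command line" as two words, and consider spelling out `--features` instead of `-F` in the `cargo add` line so the example is easier to read.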