Resolve (mostly) RUSTSEC-2023-0052
The security issue here is an exponential CPU DoS caused by bogus certificate chains. The fix is to upgrade to the latest rustls-webpki
in place of older versions of rustls-webpki
and in place of the unmaintained webpki
crate.
Unfortunately, arti-hyper
uses tls-api
, which uses webpki
. I've opened an issue against tls-api
; see #1016 (closed). For now I think we need an exception.