ome reverse dependencies tightens dependency on chrono to v0.4.20 or v0.4.21, apparently related to RUSTSEC advisory 2020-0159 (bug#996913).
As I discussed in that bug report, while I understand why rustsec consider this a security issue (they treat all soundness bugs as security issues) I don't think it's particularly useful to characterise it as one downstream.
Please update to latest upstream release 0.4.21 to allow this security tightening to take effect in Debian-packaged code.
The new upstream version depends on the iana-time-zone crate, if/when someone packages that crate and it passes trough NEW, I am happy to update chrono.
