hyperium / h2

HTTP 2.0 client & server implementation for Rust.

CVE-2023-22466 - tokio vulnerability

hampuslidin opened this issue

A security advisory has been raised for some tokio versions:

https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2023-22466

Bumping tokio to one of the following versions would circumvent the security issue:

  • 1.23.1
  • 1.20.3
  • 1.18.4

Sorry, should have looked at the Cargo.toml first! Since only the major version is specified, dependent crates should be able to control the minor and patch versions.
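
An added example, not part of the issue or of the h2 project's code: a check that reads `Cargo.lock` text and reports any resolved tokio version that is not on one of the patched release lines listed above. The sample lock content is constructed, and treating releases after 1.23.1 as fixed is an assumption.

```rust
// Constructed sample input, not taken from any real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "example-app"
version = "0.1.0"

[[package]]
name = "tokio"
version = "1.22.0"
"#;

/// Parse a plain "major.minor.patch" string; anything else yields None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split('.').map(|p| p.parse::<u64>().ok());
    let parsed = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(parsed) }
}

/// True for the fixed releases named in the issue (1.18.4, 1.20.3, 1.23.1) and
/// later patches on those lines. Assumption: releases after 1.23.1 keep the fix.
fn on_patched_line(v: (u64, u64, u64)) -> bool {
    match v {
        (1, 18, p) => p >= 4,
        (1, 20, p) => p >= 3,
        (1, 23, p) => p >= 1,
        (major, minor, _) => major > 1 || (major == 1 && minor > 23),
    }
}

/// Return every resolved tokio version in Cargo.lock text that is not on a patched line.
fn unpatched_tokio(lock: &str) -> Vec<String> {
    let mut flagged = Vec::new();
    let mut in_tokio = false;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_tokio = false;
        } else if line == "name = \"tokio\"" {
            in_tokio = true;
        } else if let (true, Some(v)) = (in_tokio, line.strip_prefix("version = ")) {
            let v = v.trim_matches('"');
            // Unparseable versions are flagged too, so they get a manual look.
            if !parse_version(v).map_or(false, on_patched_line) {
                flagged.push(v.to_string());
            }
        }
    }
    flagged
}

fn main() {
    println!("tokio versions needing a bump: {:?}", unpatched_tokio(SAMPLE_LOCK));
}
```

Versions on other release lines (for example 1.19.x or 1.22.x) are reported for review rather than judged, since the issue names only the three fixed releases.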