False positives due to use of buggy version of RustSec crate

https://github.com/RustSec/rustsec-crate/issues/51 causes crates-audit to flag some crates as affected even though they clearly are not.

Example: concurrent-hash-map depends on crossbeam ^0.2.10 which should resolve to crossbeam version 0.2.12; however, it is somehow marked vulnerable to https://rustsec.org/advisories/RUSTSEC-2018-0009 which affects only much newer crossbeam.

Updating rustsec requirement from 0.9 to 0.10 in Cargo.toml has cut the number of affected crates from 1696 to 724.