diff options
| author | David Lönnhager <david.l@mullvad.net> | 2022-11-23 12:32:18 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2022-11-24 13:07:04 +0100 |
| commit | bcb4d1d12522a333fb2106feb675e5b485b1b178 (patch) | |
| tree | 6ad541c5de4c1dd73c4ea0b48ad3f0c148a65d73 /.github | |
| parent | 865f896eb68db1053284560945bd917ee7832722 (diff) | |
| download | mullvadvpn-bcb4d1d12522a333fb2106feb675e5b485b1b178.tar.xz mullvadvpn-bcb4d1d12522a333fb2106feb675e5b485b1b178.zip | |
Ignore RUSTSEC-2021-0145
The vulnerability affects custom global allocators on Windows, so we can safely ignore it
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/cargo-audit.yml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index dff6731c44..9ef1d756be 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -26,6 +26,11 @@ jobs: version: latest - name: Audit - # TEMP: Ignore the time segfault CVE since there are no known + # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known # good workarounds, and we want logs etc to be in local time. - run: cargo audit --ignore RUSTSEC-2020-0071 + # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, + # so it should be safe to ignore it. Stop ignoring the warning once + # atty has been replaced in clap and env_logger: + # https://github.com/clap-rs/clap/pull/4249 + # https://github.com/rust-cli/env_logger/pull/246 + run: cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0145 |