Silence `RUSTSEC-2024-0384` in `test/osv-scanner.toml`

author: Markus Pettersson <markus.pettersson@mullvad.net> 2024-11-11 11:35:27 +0100
committer: Markus Pettersson <markus.pettersson@mullvad.net> 2024-11-11 17:02:46 +0100
commit: f7735b900d7035cacfcbda7168a75c3bfe0115b2 (patch)
tree: 558338f8fc790231fbfeda03716dd7037c84ba0c /test
parent: 52abc458aedde13c9d9e409e1a444de94dcc2e23 (diff)
download: mullvadvpn-f7735b900d7035cacfcbda7168a75c3bfe0115b2.tar.xz
mullvadvpn-f7735b900d7035cacfcbda7168a75c3bfe0115b2.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/test/osv-scanner.toml b/test/osv-scanner.toml
index 5df7b8d3b9..12125290e2 100644
--- a/test/osv-scanner.toml
+++ b/test/osv-scanner.toml
@@ -1 +1,12 @@
 # See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# `instant` is unmaintained.
+[[IgnoredVulns]]
+id = "RUSTSEC-2024-0384"
+ignoreUntil = 2025-02-11
+reason = """
+There is no reported vulnerability in the `instant` crate, but it is unmaintained and the author suggest switching to
+a fork instead of depending on `instant`. In our tree it is `ssh2` that currently depend on `instant` through an old
+version of `parking_lot`, preventing us from upgrading to a fixed version. This ignore can be removed when
+https://github.com/alexcrichton/ssh2-rs/issues/338 is resolved.
+"""
author	Markus Pettersson <markus.pettersson@mullvad.net>	2024-11-11 11:35:27 +0100
committer	Markus Pettersson <markus.pettersson@mullvad.net>	2024-11-11 17:02:46 +0100
commit	f7735b900d7035cacfcbda7168a75c3bfe0115b2 (patch)
tree	558338f8fc790231fbfeda03716dd7037c84ba0c /test
parent	52abc458aedde13c9d9e409e1a444de94dcc2e23 (diff)
download	mullvadvpn-f7735b900d7035cacfcbda7168a75c3bfe0115b2.tar.xz mullvadvpn-f7735b900d7035cacfcbda7168a75c3bfe0115b2.zip