diff options
| -rw-r--r-- | .github/workflows/cargo-audit.yml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index dff6731c44..9ef1d756be 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -26,6 +26,11 @@ jobs: version: latest - name: Audit - # TEMP: Ignore the time segfault CVE since there are no known + # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known # good workarounds, and we want logs etc to be in local time. - run: cargo audit --ignore RUSTSEC-2020-0071 + # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, + # so it should be safe to ignore it. Stop ignoring the warning once + # atty has been replaced in clap and env_logger: + # https://github.com/clap-rs/clap/pull/4249 + # https://github.com/rust-cli/env_logger/pull/246 + run: cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0145 |