Merge branch 'cargo_audit_2022_0093' into 'main'

cargo_audit: Add an exception for RUSTSEC-2022-0093. See merge request tpo/core/arti!1506
2023-08-14 19:20:43 +00:00 · 2023-08-14 19:20:43 +00:00 · 5d02136ece
parent 118ed81d82 875de204e9
commit 5d02136ece
1 changed files with 8 additions and 0 deletions
--- a/maint/cargo_audit
+++ b/maint/cargo_audit
@ -20,6 +20,14 @@ IGNORE=(
    #     https://github.com/clap-rs/clap/pull/4249
    #     https://github.com/rust-cli/env_logger/pull/246
    --ignore RUSTSEC-2021-0145
+    # This is an API vulnerability in ed25519-dalek v1.x.x, to the
+    # extent that it does not force you to store private and public
+    # keys as a single keypair.
+    #
+    # We have desigend our APIs to work around this, and believe we
+    # are not affected.  We should eventually upgrade to
+    # ed25519-dalek >= 2, however.
+    --ignore RUSTSEC-2022-0093
 )

 ${CARGO:-cargo} audit -D warnings "${IGNORE[@]}"