fix maint/cargo_audit not propagating error and add temporary exceptions

2022-04-08 16:44:21 +02:00 · 2022-04-08 16:44:21 +02:00 · 777eb8a5fc
parent d81de1580b
commit 777eb8a5fc
1 changed files with 11 additions and 0 deletions
--- a/maint/cargo_audit
+++ b/maint/cargo_audit
@ -2,6 +2,8 @@
 #
 # Run "cargo audit" with an appropriate set of flags.

+set -euo pipefail
+
 # List of vulnerabilities to ignore.  It's risky to do this, so we should
 # only do this when two circumstances hold:
 #   1. The vulnerability doesn't affect us.
@ -11,6 +13,15 @@
 # If you add anything to this section, make sure to add a comment
 # explaining why it's safe to do so.
 IGNORE=(
+    # This is not a vulneriblity but an unmaintained warn for the
+    # `net2` crate. It's pulled indirectly by `notify` 4.0. It's
+    # fixed in `notify` 5.0 however only pre-releases are available
+    # for now.
+    --ignore RUSTSEC-2020-0016
+    # This is not a vulneriblity but an unmaintained warn for the
+    # `tempdir` crate. It's pulled by `tls-api` 0.7.0. As of now
+    # there is no available fix, but a patch was submited upstream.
+    --ignore RUSTSEC-2018-0017
 )

 cargo audit -D warnings "${IGNORE[@]}"