fix maint/cargo_audit not propagating error and add temporary exceptions
This commit is contained in:
parent
d81de1580b
commit
777eb8a5fc
|
@ -2,6 +2,8 @@
|
||||||
#
|
#
|
||||||
# Run "cargo audit" with an appropriate set of flags.
|
# Run "cargo audit" with an appropriate set of flags.
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
# List of vulnerabilities to ignore. It's risky to do this, so we should
|
# List of vulnerabilities to ignore. It's risky to do this, so we should
|
||||||
# only do this when two circumstances hold:
|
# only do this when two circumstances hold:
|
||||||
# 1. The vulnerability doesn't affect us.
|
# 1. The vulnerability doesn't affect us.
|
||||||
|
@ -11,6 +13,15 @@
|
||||||
# If you add anything to this section, make sure to add a comment
|
# If you add anything to this section, make sure to add a comment
|
||||||
# explaining why it's safe to do so.
|
# explaining why it's safe to do so.
|
||||||
IGNORE=(
|
IGNORE=(
|
||||||
|
# This is not a vulneriblity but an unmaintained warn for the
|
||||||
|
# `net2` crate. It's pulled indirectly by `notify` 4.0. It's
|
||||||
|
# fixed in `notify` 5.0 however only pre-releases are available
|
||||||
|
# for now.
|
||||||
|
--ignore RUSTSEC-2020-0016
|
||||||
|
# This is not a vulneriblity but an unmaintained warn for the
|
||||||
|
# `tempdir` crate. It's pulled by `tls-api` 0.7.0. As of now
|
||||||
|
# there is no available fix, but a patch was submited upstream.
|
||||||
|
--ignore RUSTSEC-2018-0017
|
||||||
)
|
)
|
||||||
|
|
||||||
cargo audit -D warnings "${IGNORE[@]}"
|
cargo audit -D warnings "${IGNORE[@]}"
|
||||||
|
|
Loading…
Reference in New Issue