From 102ff701a1176fc780e78111582e7eb55b7115df Mon Sep 17 00:00:00 2001
From: toidiu
Date: Mon, 4 Nov 2024 13:39:40 -0800
Subject: [PATCH 1/3] update cargo audit
---
 .cargo/audit.toml | 7 +++++++
 .github/workflows/dependencies.yml | 16 +++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 .cargo/audit.toml
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 0000000000..c5ebfdba43
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,7 @@
+[advisories]
+ignore = [
+ # `atty` is a dependency of structopt and only used in s2n-quic-qns and s2n-quic-sim
+ "RUSTSEC-2021-0145",
+ # `atty` is a dependency of structopt and only used in s2n-quic-qns and s2n-quic-sim
+ "RUSTSEC-2024-0375"
+]
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 102d82d734..2e27f2247d 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -28,7 +28,21 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - uses: rustsec/audit-check@v1.4.1
+ with:
+ submodules: true
+
+ - name: Install rust toolchain
+ id: toolchain
+ run: |
+ rustup toolchain install stable --profile minimal
+ rustup override set stable
+
+ - uses: camshaft/rust-cache@v1
+
+ - name: Run cargo build
+ run: cargo build
+
+ - uses: rustsec/audit-check@v2.0.0
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
From 63a5b32e266c9b6be5e364e71ed52c0159b0f7b2 Mon Sep 17 00:00:00 2001
From: toidiu
Date: Mon, 4 Nov 2024 13:49:47 -0800
Subject: [PATCH 2/3] allow more
---
 .cargo/audit.toml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index c5ebfdba43..8b9b37e11d 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
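Review bot: The `ignore` list in the new `.cargo/audit.toml` silences each advisory for every crate the audit covers, so the stated reason (`atty` only reaches s2n-quic-qns and s2n-quic-sim through structopt) is an assumption the file cannot enforce; if `atty` later enters the dependency graph of a published crate, RUSTSEC-2021-0145 stays quiet. The same holds for the entries added to this list in the [PATCH 2/3] hunk. I would record how to re-check the claim beside the entries, for example `# verify with: cargo tree --workspace -i atty`, and state the removal condition, `# remove once structopt is no longer a dependency`.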
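Review bot: The added `cargo build` step in `.github/workflows/dependencies.yml` compiles the whole workspace, which runs every dependency's build script and proc-macro before the audit step has checked those dependencies, in a job whose last step receives `secrets.GITHUB_TOKEN`. If the build is only there so that a `Cargo.lock` exists for the audit, `run: cargo generate-lockfile` resolves the graph without executing third-party code. The two third-party actions in the hunk are referenced by mutable tag (`camshaft/rust-cache@v1`, `rustsec/audit-check@v2.0.0`); pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: rustsec/audit-check@<full-commit-sha> # v2.0.0`, keeps a retagged release from changing what runs here. The job definition starts above the hunk, so its `permissions` block, if any, is not visible from here.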
@@ -1,7 +1,11 @@
 [advisories]
 ignore = [
- # `atty` is a dependency of structopt and only used in s2n-quic-qns and s2n-quic-sim
+ # `atty` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
 "RUSTSEC-2021-0145",
- # `atty` is a dependency of structopt and only used in s2n-quic-qns and s2n-quic-sim
- "RUSTSEC-2024-0375"
+ # `atty` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ "RUSTSEC-2024-0375",
+ # ` proc-macro-error` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ "RUSTSEC-2024-0370",
+ # `ansi_term` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ "RUSTSEC-2021-0139"
 ]
From ca78a3b978c21a96b4bded4455b574cfc292df3c Mon Sep 17 00:00:00 2001
From: toidiu
Date: Mon, 4 Nov 2024 13:53:38 -0800
Subject: [PATCH 3/3] link github issue
---
 .cargo/audit.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 8b9b37e11d..23df0242d7 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -1,11 +1,15 @@
 [advisories]
 ignore = [
 # `atty` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ # https://github.com/aws/s2n-quic/issues/2324
 "RUSTSEC-2021-0145",
 # `atty` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ # https://github.com/aws/s2n-quic/issues/2324
 "RUSTSEC-2024-0375",
 # ` proc-macro-error` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ # https://github.com/aws/s2n-quic/issues/2324
 "RUSTSEC-2024-0370",
 # `ansi_term` is a dependency of `structopt` and only used in s2n-quic-qns and s2n-quic-sim
+ # https://github.com/aws/s2n-quic/issues/2324
 "RUSTSEC-2021-0139"
 ]
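Review bot: In the [PATCH 2/3] hunk the two `atty` entries keep one identical comment although, as far as I recall the advisory database, RUSTSEC-2021-0145 reports an unsoundness (a potential unaligned read) while RUSTSEC-2024-0375 is an unmaintained notice; an ignored unsoundness deserves its own reason, for example `# unsound read in atty; accepted because only the qns and sim tools link it`. The crate name in the RUSTSEC-2024-0370 comment also has a stray space inside its backticks and should read `proc-macro-error`. Both lines are carried unchanged into the [PATCH 3/3] hunk, so the same applies there.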