Merge pull request #678 from flavio/cargo-audit-ignore-rustsec-2023-0071

cargo audit: ignore RUSTSEC-2023-0071
kubewarden · Jan 8, 2024 · d2f3fd0 · d2f3fd0
2 parents 4d69f65 + 9072b17
commit d2f3fd0
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -1,11 +1,14 @@
 [advisories]
 ignore = [
   "RUSTSEC-2020-0071", # `time` localtime_r segfault -- https://rustsec.org/advisories/RUSTSEC-2020-0071
-                       # Ignored because there are not known workarounds or dependency version bump
-                       # at this time. The call to localtime_r is not protected by any lock and can
-                       # cause unsoundness. Read the previous link for more information.
+  # Ignored because there are not known workarounds or dependency version bump
+  # at this time. The call to localtime_r is not protected by any lock and can
+  # cause unsoundness. Read the previous link for more information.
   "RUSTSEC-2020-0168", # This is about "mach" being unmaintained.
-                       # This is a transitive dependency of wasmtime. This is
-                       # being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000
+  # This is a transitive dependency of wasmtime. This is
+  # being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000
+  # This is a transitive depependency of sigstore
+  "RUSTSEC-2023-0071", # "Classic" RSA timing sidechannel attack from non-constant-time implementation.
+  # Okay for local use.
+  # https://rustsec.org/advisories/RUSTSEC-2023-0071.html
 ]
-