-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #678 from flavio/cargo-audit-ignore-rustsec-2023-0071
cargo audit: ignore RUSTSEC-2023-0071
- Loading branch information
Showing
1 changed file
with
9 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,14 @@ | ||
[advisories] | ||
ignore = [ | ||
"RUSTSEC-2020-0071", # `time` localtime_r segfault -- https://rustsec.org/advisories/RUSTSEC-2020-0071 | ||
# Ignored because there are not known workarounds or dependency version bump | ||
# at this time. The call to localtime_r is not protected by any lock and can | ||
# cause unsoundness. Read the previous link for more information. | ||
# Ignored because there are not known workarounds or dependency version bump | ||
# at this time. The call to localtime_r is not protected by any lock and can | ||
# cause unsoundness. Read the previous link for more information. | ||
"RUSTSEC-2020-0168", # This is about "mach" being unmaintained. | ||
# This is a transitive dependency of wasmtime. This is | ||
# being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000 | ||
# This is a transitive dependency of wasmtime. This is | ||
# being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000 | ||
# This is a transitive depependency of sigstore | ||
"RUSTSEC-2023-0071", # "Classic" RSA timing sidechannel attack from non-constant-time implementation. | ||
# Okay for local use. | ||
# https://rustsec.org/advisories/RUSTSEC-2023-0071.html | ||
] | ||
|