]> git.bitcoin.ninja Git - rust-lightning/commitdiff
Have CI's `cargo audit` ignore `RUSTSEC-2021-0125`
authorElias Rohrer <dev@tnull.de>
Fri, 16 Feb 2024 10:33:37 +0000 (11:33 +0100)
committerElias Rohrer <dev@tnull.de>
Mon, 19 Feb 2024 09:00:36 +0000 (10:00 +0100)
This advisory is only relevant for a downstream dependency of
`criterion`, which we currently don't want to bump in order to continue
benchmarking with our MSRV 1.63.0.

We therefore just add it to our ignore list for now.

.github/workflows/audit.yml

index e7e82ee41ee00f32e46df159f283b7b1ab9d2840..e617573a3813790cc5a0aaea176cf7c76bbeb52e 100644 (file)
@@ -15,3 +15,9 @@ jobs:
       - uses: rustsec/audit-check@v1.4.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          ignore: "RUSTSEC-2021-0145"
+              # RUSTSEC-2021-0145 pertains `atty`, which is a depencency of
+              # `criterion`. While the latter removed the depencency in its
+              # newest version, it would also require a higher `rustc`. We
+              # therefore avoid bumping it to allow benchmarking with our
+              # `rustc` 1.63 MSRV.