From: Elias Rohrer Date: Fri, 16 Feb 2024 10:33:37 +0000 (+0100) Subject: Have CI's `cargo audit` ignore `RUSTSEC-2021-0125` X-Git-Tag: v0.0.123-beta~61^2 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=9aa6ddb24e3063787595a1ef06a84afac23f15c6;p=rust-lightning Have CI's `cargo audit` ignore `RUSTSEC-2021-0125` This advisory is only relevant for a downstream dependency of `criterion`, which we currently don't want to bump in order to continue benchmarking with our MSRV 1.63.0. We therefore just add it to our ignore list for now. --- diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index e7e82ee41..e617573a3 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -15,3 +15,9 @@ jobs: - uses: rustsec/audit-check@v1.4.1 with: token: ${{ secrets.GITHUB_TOKEN }} + ignore: "RUSTSEC-2021-0145" + # RUSTSEC-2021-0145 pertains `atty`, which is a depencency of + # `criterion`. While the latter removed the depencency in its + # newest version, it would also require a higher `rustc`. We + # therefore avoid bumping it to allow benchmarking with our + # `rustc` 1.63 MSRV.