From: Elias Rohrer <dev@tnull.de>
Date: Fri, 16 Feb 2024 10:33:37 +0000 (+0100)
Subject: Have CI's `cargo audit` ignore `RUSTSEC-2021-0125`
X-Git-Tag: v0.0.123-beta~61^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=9aa6ddb24e3063787595a1ef06a84afac23f15c6;p=rust-lightning

Have CI's `cargo audit` ignore `RUSTSEC-2021-0125`

This advisory is only relevant for a downstream dependency of
`criterion`, which we currently don't want to bump in order to continue
benchmarking with our MSRV 1.63.0.

We therefore just add it to our ignore list for now.
---

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index e7e82ee4..e617573a 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -15,3 +15,9 @@ jobs:
       - uses: rustsec/audit-check@v1.4.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          ignore: "RUSTSEC-2021-0145"
+              # RUSTSEC-2021-0145 pertains `atty`, which is a depencency of
+              # `criterion`. While the latter removed the depencency in its
+              # newest version, it would also require a higher `rustc`. We
+              # therefore avoid bumping it to allow benchmarking with our
+              # `rustc` 1.63 MSRV.