Skip to content

Commit

Permalink
v1.18: ci: ignore the tonic audit as a temporary stopgap (backport of #…
Browse files Browse the repository at this point in the history
…3052) (#3062)

* ci: ignore the tonic audit as a temporary stopgap (#3052)

(cherry picked from commit 9b5525d)

# Conflicts:
#	ci/do-audit.sh

* Fix conflicts

* Update to mimic v2.0 change

---------

Co-authored-by: Yihau Chen <[email protected]>
Co-authored-by: WillHickey <[email protected]>
  • Loading branch information
3 people committed Oct 4, 2024
1 parent 38f0234 commit 30cf4f7
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions ci/do-audit.sh
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ cargo_audit_ignores=(

# openssl
--ignore RUSTSEC-2024-0357

# tonic
# When using tonic::transport::Server there is a remote DoS attack that can cause
# the server to exit cleanly on accepting a tcp/tls stream.
# Ignoring because we do not use this functionality.
--ignore RUSTSEC-2024-0376
)
scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
# we want the `cargo audit` exit code, not `$dep_tree_filter`'s
Expand Down

0 comments on commit 30cf4f7

Please sign in to comment.