From 1b90398cbd0442c1cd639e736d6785c9cd790d49 Mon Sep 17 00:00:00 2001
From: Pavlos Rontidis
Date: Mon, 14 Aug 2023 17:54:44 -0400
Subject: [PATCH] fix(deps, security): temporarily ignore `ed25519-dalek` security vulnerability (#18245)

* fix: use a `ed25519-dalek` version which doesn't contain a vulnerability
* add 'dalek' to dict
* add comment
* as discussed, we will temporarily allow this vulnerability to exist
---
 .github/actions/spelling/allow.txt | 1 +
 deny.toml | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
index aa1068f502bac..2564c2cd006ae 100644
--- a/.github/actions/spelling/allow.txt
+++ b/.github/actions/spelling/allow.txt
@@ -248,6 +248,7 @@ corejs
 coreutils
 curta
 daemonset
+dalek
 databend
 datacenter
 datadog
diff --git a/deny.toml b/deny.toml
index f9453e19a109c..c44f4d68c7477 100644
--- a/deny.toml
+++ b/deny.toml
@@ -38,4 +38,8 @@ license-files = [
 [advisories]
 ignore = [
+ # `ed25519-dalek` is vulnerable due to "Double Public Key Signing Function Oracle Attack".
+ # Temporarily ignoring this vulnerability until the following issue is resolved:
+ # https://github.com/wasmCloud/nkeys/issues/20
+ "RUSTSEC-2022-0093"
 ]
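Review bot: The new `ignore` entry in the deny.toml hunk has no revisit trigger other than the linked upstream issue, so a "temporary" advisory exception can quietly become permanent; the comment should also record which dependency path pulls in the affected `ed25519-dalek` version (presumably via nkeys, given the issue link, but the hunk does not say) and whether that path actually exercises the signing API the advisory concerns, so the risk acceptance is documented rather than implied. Suggest adding a line such as `# Reached via <DEPENDENCY PATH>; remove once ed25519-dalek >= <FIXED VERSION> is resolvable, or re-evaluate by <DATE>.` directly above the advisory ID. The commit description's first bullet ("use a `ed25519-dalek` version which doesn't contain a vulnerability") no longer matches what the final diff does, which is worth amending so the history reflects that the advisory is being ignored, not fixed. Note also that the hunk header counts four old lines but only three context lines are visible, so a blank context line was likely lost in the paste rather than in the patch itself.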