diff --git a/ci/do-audit.sh b/ci/do-audit.sh index aca50d122f3d1f..0e63dcef22a423 100755 --- a/ci/do-audit.sh +++ b/ci/do-audit.sh @@ -34,6 +34,17 @@ cargo_audit_ignores=( # curve25519-dalek --ignore RUSTSEC-2024-0344 + # Crate: idna + # Version: 0.1.5 + # Title: `idna` accepts Punycode labels that do not produce any non-ASCII when decoded + # Date: 2024-12-09 + # ID: RUSTSEC-2024-0421 + # URL: https://rustsec.org/advisories/RUSTSEC-2024-0421 + # Solution: Upgrade to >=1.0.0 + # need to solve this depentant tree: + # jsonrpc-core-client v18.0.0 -> jsonrpc-client-transports v18.0.0 -> url v1.7.2 -> idna v0.1.5 + --ignore RUSTSEC-2024-0421 + # tonic # When using tonic::transport::Server there is a remote DoS attack that can cause # the server to exit cleanly on accepting a tcp/tls stream.