From 1bd64b347f0d5ddfb0dcd774c166212220f538f6 Mon Sep 17 00:00:00 2001
From: Yihau Chen
Date: Tue, 10 Dec 2024 03:22:56 +0800
Subject: [PATCH] fix audit (#4014)

(cherry picked from commit 6c86ce59aaa5564f2050b84a66993790c4fb9529)
# Conflicts:
# ci/do-audit.sh
---
 ci/do-audit.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/ci/do-audit.sh b/ci/do-audit.sh
index aca50d122f3d1f..0e63dcef22a423 100755
--- a/ci/do-audit.sh
+++ b/ci/do-audit.sh
@@ -34,6 +34,17 @@ cargo_audit_ignores=(
 # curve25519-dalek
 --ignore RUSTSEC-2024-0344
 
+ # Crate: idna
+ # Version: 0.1.5
+ # Title: `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
+ # Date: 2024-12-09
+ # ID: RUSTSEC-2024-0421
+ # URL: https://rustsec.org/advisories/RUSTSEC-2024-0421
+ # Solution: Upgrade to >=1.0.0
+ # need to solve this depentant tree:
+ # jsonrpc-core-client v18.0.0 -> jsonrpc-client-transports v18.0.0 -> url v1.7.2 -> idna v0.1.5
+ --ignore RUSTSEC-2024-0421
+
 # tonic
 # When using tonic::transport::Server there is a remote DoS attack that can cause
 # the server to exit cleanly on accepting a tcp/tls stream.
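Review bot: The new `--ignore RUSTSEC-2024-0421` entry records the dependency path but not why suppressing the advisory is acceptable or when it can be removed, so the audit will stay silent on `idna` 0.1.5 indefinitely. The advisory is about Punycode labels that decode to ASCII-only names, which presumably matters wherever a hostname parsed by `url` v1.7.2 is compared or used in a trust decision. Whether `jsonrpc-client-transports` ever parses untrusted URLs is not visible from this hunk, and the comment should state it. I would replace the `# need to solve this depentant tree:` line with something like `# Ignored until jsonrpc-core-client no longer pulls in url v1.x (tracking: <ISSUE-URL>); dependency tree:`, which also fixes the "depentant" spelling. The `cargo_audit_ignores` array begins and ends outside this hunk, so how the other entries document their rationale is not visible here.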