fix audit (#4014)

(cherry picked from commit 6c86ce5) # Conflicts: # ci/do-audit.sh
anza-xyz · Dec 10, 2024 · c8bd0cc · c8bd0cc
1 parent 5cb4531
commit c8bd0cc
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/ci/do-audit.sh b/ci/do-audit.sh
@@ -31,7 +31,30 @@ cargo_audit_ignores=(
 
   --ignore RUSTSEC-2022-0093
 
+<<<<<<< HEAD
   # curve25519-dalek
+=======
+  # Crate:     idna
+  # Version:   0.1.5
+  # Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
+  # Date:      2024-12-09
+  # ID:        RUSTSEC-2024-0421
+  # URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
+  # Solution:  Upgrade to >=1.0.0
+  # need to solve this depentant tree:
+  # jsonrpc-core-client v18.0.0 -> jsonrpc-client-transports v18.0.0 -> url v1.7.2 -> idna v0.1.5
+  --ignore RUSTSEC-2024-0421
+
+  # === programs/sbf ===
+  #
+  # Crate:     curve25519-dalek
+  # Version:   3.2.1
+  # Title:     Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
+  # Date:      2024-06-18
+  # ID:        RUSTSEC-2024-0344
+  # URL:       https://rustsec.org/advisories/RUSTSEC-2024-0344
+  # Solution:  Upgrade to >=4.1.3
+>>>>>>> 6c86ce59aa (fix audit (#4014))
   --ignore RUSTSEC-2024-0344
 
   # tonic