fix(deps, security): temporarily ignore ed25519-dalek security vuln…

…erability (#18245) * fix: use a `ed25519-dalek` version which doesn't contain a vulnerability * add 'dalek' to dict * add comment * as discussed, we will temporarily allow this vulnerability to exist
vectordotdev · Aug 14, 2023 · 1b90398 · 1b90398
1 parent b0c89ab
commit 1b90398
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -248,6 +248,7 @@ corejs
 coreutils
 curta
 daemonset
+dalek
 databend
 datacenter
 datadog

diff --git a/deny.toml b/deny.toml
@@ -38,4 +38,8 @@ license-files = [
 
 [advisories]
 ignore = [
+    # `ed25519-dalek` is vulnerable due to "Double Public Key Signing Function Oracle Attack".
+    # Temporarily ignoring this vulnerability until the following issue is resolved:
+    # https://github.com/wasmCloud/nkeys/issues/20
+    "RUSTSEC-2022-0093"
 ]