marked RUSTSEC-2024-0421 as non-exploitable

TUM-Dev · Dec 14, 2024 · 39c86d3 · 39c86d3
1 parent 90812c5
commit 39c86d3
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/cargo-audit.yaml b/.github/workflows/cargo-audit.yaml
@@ -17,7 +17,8 @@ jobs:
       - uses: rustsec/[email protected]
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          ignore: RUSTSEC-2023-0071,RUSTSEC-2024-0363,RUSTSEC-2024-0379,RUSTSEC-2024-0384
+          ignore: RUSTSEC-2023-0071,RUSTSEC-2024-0363,RUSTSEC-2024-0379,RUSTSEC-2024-0384,RUSTSEC-2024-0421
+          # RUSTSEC-2024-0421 = idna accepts Punycode labels that do not produce any non-ASCII when decoded => not used explitably
           # RUSTSEC-2024-0384 = instant (Used via instant v0.1.13 > parking_lot v0.11.2 > sled v0.34.7 > cached v0.54.0) is unmaintained => Since `parking_lot`, `sled` and `cached` are maintained and the open issues in `instant` are wasm-related, I am going to close this
           # RUSTSEC-2024-0379 = unsoundness in fast-float => only used in intialisation logic, fix in polars is in main and is awaiting release
           # RUSTSEC-2024-0363 = Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts => caught by maximum request sizes