Merge pull request #480 from EspressoSystems/fix/audit

Fix audit
EspressoSystems · Mar 19, 2024 · 2ee0f12 · 2ee0f12
2 parents 12a1843 + 7f7d982
commit 2ee0f12
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -1,3 +1,15 @@
+# Copyright (c) 2022 Espresso Systems (espressosys.com)
+# This file is part of the HotShot Query Service library.
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+# You should have received a copy of the GNU General Public License along with this program. If not,
+# see <https://www.gnu.org/licenses/>.
+
 [advisories]
 ignore = [
     # remove_dir_all (used by deprecated tempdir crate)
@@ -7,4 +19,6 @@ ignore = [
     # Tungstenite allows remote attackers to cause a denial of service
     # Dependency of async-tungstenite -> tide-websockets / surf-disco
     "RUSTSEC-2023-0065",
+    # Unfixed "Marvin" vulnerability in `RSA`, unused in sqlite dependency
+    "RUSTSEC-2023-0071",
 ]