Ignoring temporarily RUSTSEC-2023-0071.

quickwit-oss · Jan 18, 2024 · 94cb865 · 94cb865
1 parent df40eb9
commit 94cb865
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.github/workflows/dependency.yml b/.github/workflows/dependency.yml
@@ -18,4 +18,6 @@ jobs:
       - name: "Dependency Review"
         uses: actions/dependency-review-action@v3
         with:
-          allow-ghsas: GHSA-xpp3-xrff-w6rh # this refers to a RocksDB vulnerability on an API we do not use.
+          # This is an minor vuln on the rsa crate, used for
+          # google storage.
+          allow-ghsas: GHSA-c38w-74pg-36hr,GHSA-4grx-2x9w-596c
diff --git a/quickwit/deny.toml b/quickwit/deny.toml
@@ -48,7 +48,8 @@ notice = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
-    #"RUSTSEC-0000-0000",
+    # TODO Remove me after rsa gets patched and released.
+    "RUSTSEC-2023-0071"
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories