From 8200b5337b394567f3b9ecb11f25b6c5943e5474 Mon Sep 17 00:00:00 2001
From: "Tony Arcieri (iqlusion)"
Date: Mon, 9 Oct 2023 08:37:48 -0700
Subject: [PATCH] CI: ignore RUSTSEC-2022-0093 and RUSTSEC-2023-0052 (#763)

Adds the following advisories to the `ignore` section of `.cargo/audit.toml`:

- RUSTSEC-2022-0093: ed25519-dalek: double public key oracle attack
- RUSTSEC-2023-0052: webpki: potential DoS in certificate path building

Also removes RUSTSEC-2020-0071 which was fixed via transitive dependencies.
---
 .cargo/audit.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 4b2a05f7..0381ac71 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -4,6 +4,7 @@ ignore = [
     "RUSTSEC-2019-0036", # failure: type confusion if __private_get_type_id__ is overridden
     "RUSTSEC-2020-0036", # failure is officially deprecated/unmaintained
-    "RUSTSEC-2020-0071", # time: potential segfault in `localtime_r` invocations
+    "RUSTSEC-2022-0093", # ed25519-dalek: double public key signing function oracle attack
     "RUSTSEC-2023-0033", # borsh: parsing borsh messages with ZST which are not-copy/clone is unsound
+    "RUSTSEC-2023-0052", # webpki: CPU denial of service in certificate path building
 ]
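Review bot: The two new `ignore` entries say what each advisory is but not why suppressing it is acceptable, and that justification is what the next person auditing this list needs; RUSTSEC-2022-0093 in particular is described in the entry itself as a signing oracle, i.e. a key-exposure class of issue rather than a DoS, so the comment should name the condition that makes it safe here (for example, that no code path signs with a caller-supplied public key that could differ from the one derived from the secret key, if that is indeed the case). I would extend the comment on the `+ "RUSTSEC-2022-0093"` line to something like `# ed25519-dalek: double public key signing oracle; ignored because <reason>; remove once ed25519-dalek is upgraded past the affected range`, and give the `+ "RUSTSEC-2023-0052"` entry a matching "remove when" clause naming the webpki/rustls upgrade that clears it. The `ignore` list has no expiry mechanism, and this very commit shows an entry (RUSTSEC-2020-0071) outliving the fix that made it unnecessary, so a one-line removal condition per entry is the cheapest way to keep the list from silently accumulating suppressed advisories.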