Un-ignore RUSTSEC-2020-0071 and ban time 0.1 from dependency tree

mullvad · Aug 1, 2023 · a4d6d25 · a4d6d25
1 parent 163efe9
commit a4d6d25
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
@@ -22,6 +22,3 @@ jobs:
         name: Audit Rust Dependencies
         with:
           denyWarnings: true
-          # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known
-          # good workarounds, and we want logs etc to be in local time.
-          ignore: RUSTSEC-2020-0071
diff --git a/deny.toml b/deny.toml
@@ -18,8 +18,6 @@ yanked = "deny"
 notice = "deny"
 
 ignore = [
-    # Potential segfault in `time`:
-    "RUSTSEC-2020-0071"
 ]
 
 #severity-threshold =
@@ -87,7 +85,8 @@ deny = [
     { name = "clap", version = "2" },
     { name = "clap", version = "3" },
     # `atty` is an unmaintained crate with a CVE: RUSTSEC-2021-0145
-    { name = "atty" }
+    { name = "atty" },
+    { name = "time", version = "0.1"},
 ]
 skip = []
 skip-tree = []