From a4d6d259b7269649b06d27a162206f6701fccffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?= <linus@mullvad.net>
Date: Tue, 1 Aug 2023 13:11:21 +0200
Subject: [PATCH] Un-ignore RUSTSEC-2020-0071 and ban time 0.1 from dependency
 tree

---
 .github/workflows/cargo-audit.yml | 3 ---
 deny.toml                         | 5 ++---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
index 00eb2f095918..0210facfea82 100644
--- a/.github/workflows/cargo-audit.yml
+++ b/.github/workflows/cargo-audit.yml
@@ -22,6 +22,3 @@ jobs:
         name: Audit Rust Dependencies
         with:
           denyWarnings: true
-          # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known
-          # good workarounds, and we want logs etc to be in local time.
-          ignore: RUSTSEC-2020-0071
diff --git a/deny.toml b/deny.toml
index 114beb0c5a1f..e911f2827e5e 100644
--- a/deny.toml
+++ b/deny.toml
@@ -18,8 +18,6 @@ yanked = "deny"
 notice = "deny"
 
 ignore = [
-    # Potential segfault in `time`:
-    "RUSTSEC-2020-0071"
 ]
 
 #severity-threshold =
@@ -87,7 +85,8 @@ deny = [
     { name = "clap", version = "2" },
     { name = "clap", version = "3" },
     # `atty` is an unmaintained crate with a CVE: RUSTSEC-2021-0145
-    { name = "atty" }
+    { name = "atty" },
+    { name = "time", version = "0.1"},
 ]
 skip = []
 skip-tree = []