mullvad · MarkusPettersson98 · Dec 11, 2024 · Dec 10, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -107,9 +107,9 @@ single_use_lifetimes = "warn"
 unused_async = "deny"
 
 [workspace.dependencies]
-hickory-proto = "0.24.1"
-hickory-resolver = "0.24.1"
-hickory-server = { version = "0.24.1", features = ["resolver"] }
+hickory-proto = "0.24.2"
+hickory-resolver = "0.24.2"
+hickory-server = { version = "0.24.2", features = ["resolver"] }
 tokio = { version = "1.8" }
 parity-tokio-ipc = "0.9"
 futures = "0.3.15"

@@ -28,12 +28,6 @@ yanked = "deny"
 ignore = [
     # Ignored audit issues. This list should be kept short, and effort should be
     # put into removing items from the list.
-
-    # RUSTSEC-2024-0421 - `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
-    # `hickory-proto 0.24.1` uses `idna 0.4`
-    # `url 2.5` uses `idna 0.5.0`
-    # `shadowsocks 1.20.3` uses `url 2.5`
-    "RUSTSEC-2024-0421",
 ]
 
 

@@ -67,16 +67,3 @@
 # effectiveUntil = 2024-11-02
 # reason = "The XML payload is generated by Apple tooling which we trust"
 # ```
-
-# idna accepts Punycode labels that do not produce any non-ASCII when decoded
-[[IgnoredVulns]]
-id = "RUSTSEC-2024-0421"
-ignoreUntil = 2025-03-09
-reason = """
-There is a privelege escalation in the `idna` crate, which affects consumers that accept arbitrary domain names
-as input, which we do not. A fix has been released in version `1.0.0`, and currently our dependencies `hickory-proto`
-and `shadowsocks` prevent us from upgrading to a safe version of `idna`. New releases of these depencies which are not
-vulnerable to RUSTSEC-2024-0421 is tracked in the following GitHub issues:
-- https://github.com/hickory-dns/hickory-dns/issues/2206
-- https://github.com/shadowsocks/shadowsocks-rust/issues/1775
-"""