From 7a9dffe26df355dcd914aea9c202d112355afcb4 Mon Sep 17 00:00:00 2001
From: Jonas Bushart <jonas@bushart.org>
Date: Mon, 18 Oct 2021 21:07:11 +0200
Subject: [PATCH] chrono insecurly uses `localtime_r`

RUSTSEC-2020-0159 is about chrono calling localtime_r.
Right now there is no safe version, see this issue:
https://github.com/chronotope/chrono/issues/499
---
 .cargo/audit.toml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 02fcdc60..ee969aa0 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -1,7 +1,9 @@
 [advisories]
 ignore = [
-    # difference is unmaintained, is a dependency of pretty_assertions
-    "RUSTSEC-2020-0095",
+    # chrono: Potential segfault in `localtime_r` invocations
+    # chrono is an optional depenency, so we can ignore the warning.
+    # Right now there is no safe version of chrono to upgrade to.
+    "RUSTSEC-2020-0159",
 ]
 # warn for categories of informational advisories
 informational_warnings = [