Merge branch 'remove-atty-dependency'

mullvad · Aug 1, 2023 · 9f76fd3 · 9f76fd3
2 parents a569adf + 0bbe1ac
commit 9f76fd3
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 28 deletions.
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
@@ -24,8 +24,4 @@ jobs:
           denyWarnings: true
           # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known
           # good workarounds, and we want logs etc to be in local time.
-          #
-          # RUSTSEC-2021-0145: The vulnerability affects custom global allocators,
-          # so it should be safe to ignore it. Stop ignoring the warning once
-          # atty has been removed from our dependency tree.
-          ignore: RUSTSEC-2020-0071,RUSTSEC-2021-0145
+          ignore: RUSTSEC-2020-0071
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/deny.toml b/deny.toml
@@ -86,6 +86,8 @@ deny = [
     { name = "openssl-probe" },
     { name = "clap", version = "2" },
     { name = "clap", version = "3" },
+    # `atty` is an unmaintained crate with a CVE: RUSTSEC-2021-0145
+    { name = "atty" }
 ]
 skip = []
 skip-tree = []