sigstore-rs
Add RUSTSEC-2021-0139 to audit.toml
Security CI runs are failing due to RUSTSEC-2021-0139
RUSTSEC-2021-0139 is flagged from ansi_term, which is a transient dependency on tracing-subscriber. As tracing-subscriber is a dev-dependency, I think we can safely add this to the ignore flag.
No vulnerabilities exist in ansi-term, the warning is there as the crate is unmaintained at present.
Signed-off-by: Luke Hinds [email protected]
This dev dependency is needed because we want our example programs to be able to print debug/warn/error messages to the standard output.
The ansi-term crate is being used by a lot of projects, hopefully this will lead to someone stepping up to be a maintainer or someone else just replacing it with another maintained crate.
In the meantime I think it's going to be simpler to get this PR merged.