1[advisories] 2ignore = [ 3 # serde_cbor is an unmaintained dependency introduced by criterion. 4 # We are using criterion only for benchmarks, so we can ignore 5 # this vulnerability until criterion is fixing this. 6 # See https://github.com/bheisler/criterion.rs/issues/534. 7 "RUSTSEC-2021-0127", 8 # atty is unmaintained (the unsound problem doesn't seem to impact us). 9 # We are ignoring this advisory because it's only used by criterion, 10 # and we are using criterion for benchmarks. This is not a problem for 11 # production use cases. Also, criterion did not update the dependency, 12 # so there is not much else we can do. 13 "RUSTSEC-2021-0145" 14 ] 15