Bump the all-dependencies group with 3 updates (#167)

* Bump the all-dependencies group with 3 updates Bumps the all-dependencies group with 3 updates: [serde_json](https://github.com/serde-rs/json), [syn](https://github.com/dtolnay/syn) and [tokio](https://github.com/tokio-rs/tokio). Updates `serde_json` from 1.0.114 to 1.0.115 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.114...v1.0.115) Updates `syn` from 2.0.55 to 2.0.57 - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](dtolnay/syn@2.0.55...2.0.57) Updates `tokio` from 1.36.0 to 1.37.0 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.36.0...tokio-1.37.0) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: syn dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> * resolve security warning --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: William Lyles <[email protected]>
eclipse-ibeji · Apr 1, 2024 · b0e2ac6 · b0e2ac6
1 parent 3f3a9d3
commit b0e2ac6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
@@ -20,8 +20,12 @@ jobs:
           submodules: recursive
       - name: Install Rust toolchain
         uses: ./.github/actions/install-rust-toolchain
+      # Ignored advisories:
+      # - https://rustsec.org/advisories/RUSTSEC-2024-0320 : yaml-rust is unmaintained
+      #   - This is a dependency of the config crate, which does not have a version without yaml-rust.
+      #     See https://github.com/mehcode/config-rs/issues/473 and https://github.com/eclipse-ibeji/freyja/issues/168
       - name: Cargo audit
         uses: actions-rs/cargo@v1
         with:
           command: audit
-          args: --deny warnings
+          args: --deny warnings --ignore RUSTSEC-2024-0320
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -75,12 +75,12 @@ prost = "0.12"
 prost-types = "0.12"
 quote = "1.0.23"
 serde = { version = "1.0.196", features = ["derive"] }
-serde_json = "1.0.113"
+serde_json = "1.0.115"
 strum = "0.26.1"
 strum_macros = "0.26.2"
-syn = { version = "2.0.55", features = ["extra-traits", "full"] }
+syn = { version = "2.0.57", features = ["extra-traits", "full"] }
 time = "0.3.34"
-tokio = { version = "1.36", features = ["macros", "rt-multi-thread", "time", "sync", "test-util"] }
+tokio = { version = "1.37", features = ["macros", "rt-multi-thread", "time", "sync", "test-util"] }
 tokio-stream = { version = "0.1.15", features = ["net"] }
 tonic = "0.11.0"
 tonic-build = "0.11.0"