meta: Add audit config (#1119)

Add an explicit audit config to control its behaviour, also ignore advisory for serde_cbor until resolved. Signed-off-by: xla <[email protected]>
informalsystems · Apr 9, 2022 · 6bb8855 · 6bb8855
1 parent d2b9f33
commit 6bb8855
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -0,0 +1,33 @@
+[advisories]
+ignore = [
+   # TODO(xla): serde_cbor is unmaintained, but a proper replacement will take time to land in the repo.
+   # https://rustsec.org/advisories/RUSTSEC-2021-0127.html
+   # https://github.com/informalsystems/tendermint-rs/issues/1026
+   # https://github.com/informalsystems/tendermint-rs/issues/1038
+  "RUSTSEC-2021-0127",
+]
+informational_warnings = ["unmaintained"]
+severity_threshold = "low"
+
+[database]
+path = "~/.cargo/advisory-db"
+url = "https://github.com/RustSec/advisory-db.git"
+fetch = true
+stale = false
+
+[output]
+deny = ["unmaintained"] # exit on error if unmaintained dependencies are found
+format = "terminal"
+quiet = false
+show_tree = true
+
+[target]
+arch = "x86_64"
+os = "linux"
+
+[packages]
+source = "all"
+
+[yanked]
+enabled = true
+update_index = true