From 6bb8855cfbb25a2557ee1ef5910a8a8035bc9204 Mon Sep 17 00:00:00 2001
From: xla
Date: Sat, 9 Apr 2022 11:47:54 +0100
Subject: [PATCH] meta: Add audit config (#1119)

Add an explicit audit config to control its behaviour, also ignore advisory for serde_cbor until resolved.

Signed-off-by: xla
---
.cargo/audit.toml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 .cargo/audit.toml

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 000000000..a3e237006
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,33 @@
+[advisories]
+ignore = [
+ # TODO(xla): serde_cbor is unmaintained, but a proper replacement will take time to land in the repo.
+ # https://rustsec.org/advisories/RUSTSEC-2021-0127.html
+ # https://github.com/informalsystems/tendermint-rs/issues/1026
+ # https://github.com/informalsystems/tendermint-rs/issues/1038
+ "RUSTSEC-2021-0127",
+]
+informational_warnings = ["unmaintained"]
+severity_threshold = "low"
+
+[database]
+path = "~/.cargo/advisory-db"
+url = "https://github.com/RustSec/advisory-db.git"
+fetch = true
+stale = false
+
+[output]
+deny = ["unmaintained"] # exit on error if unmaintained dependencies are found
+format = "terminal"
+quiet = false
+show_tree = true
+
+[target]
+arch = "x86_64"
+os = "linux"
+
+[packages]
+source = "all"
+
+[yanked]
+enabled = true
+update_index = true
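Review bot: The `[target]` table near the end of the new `.cargo/audit.toml` restricts the audit to `arch = "x86_64"` and `os = "linux"`, so advisories that only affect other architectures or operating systems are filtered out of the report. If these crates are built or consumed on other platforms (likely for a library workspace, though not visible in this patch), I would drop the `[target]` table or document the choice with a comment such as `# CI and releases target x86_64 Linux only; advisories for other platforms are intentionally hidden`. Separately, `deny = ["unmaintained"]` fails the run only for unmaintained crates, while findings from `[yanked] enabled = true` stay warnings; consider `deny = ["unmaintained", "unsound", "yanked"]` if those should gate CI. The ignore of `RUSTSEC-2021-0127` is well referenced, and adding a review date to that TODO would keep the exception from becoming permanent.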