Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore `RUSTSEC-2019-0003`. #7766

Merged
merged 1 commit into from May 20, 2019

Conversation

Projects
None yet
4 participants
@jsirois
Copy link
Member

commented May 19, 2019

We have a fix in-flight in
pantsbuild/rust-protobuf#2 that will still need
this --ignore even when we're consuming it. Adding the --ignore now
silences nightly CRON audit noise in the meantime and going forward
until we can upgrade to a public official release of protobuf with the
RUSTSEC-2019-0003 fix.

Part of fixing #7760

Ignore `RUSTSEC-2019-0003`.
We have a fix in-flight in
pantsbuild/rust-protobuf#2 that will still need
this `--ignore` even when we're consuming it. Adding the `--ignore` now
silences nightly CRON audit noise in the meantime and going forward
until we can upgrade to a public official release of protobuf with the
`RUSTSEC-2019-0003` fix.

Part of fixing #7760
@jsirois

This comment has been minimized.

Copy link
Member Author

commented May 19, 2019

Tested locally with:

$ ./build-support/bin/ci.sh -a

[=== 00:00 CI BEGINS ===]
[=== 00:00 Setting interpreter constraints to ['CPython==3.6.*'] ===]
[=== 00:00 Running cargo audit on rust code ===]
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 24 security advisories (from /home/jsirois/.cache/pants/rust/cargo/advisory-db)
    Scanning /home/jsirois/dev/pantsbuild/jsirois-pants/src/rust/engine/Cargo.lock for vulnerabilities (318 crate dependencies)
     Success No vulnerable packages found
[=== 00:06 CI ENDS ===]


SUCCESS

@jsirois jsirois merged commit 91a88ba into pantsbuild:master May 20, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@jsirois jsirois deleted the jsirois:issues/7760/ignore branch May 20, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.