v2.0: fix audit (backport of #4014) (#4021)

* fix audit (#4014) (cherry picked from commit 6c86ce5) # Conflicts: # ci/do-audit.sh * Fix merge conflict --------- Co-authored-by: Yihau Chen <[email protected]> Co-authored-by: Jon C <[email protected]>
jito-foundation · Dec 11, 2024 · 10b95d1 · 10b95d1
1 parent 5cb4531
commit 10b95d1
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/ci/do-audit.sh b/ci/do-audit.sh
@@ -34,6 +34,17 @@ cargo_audit_ignores=(
   # curve25519-dalek
   --ignore RUSTSEC-2024-0344
 
+  # Crate:     idna
+  # Version:   0.1.5
+  # Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
+  # Date:      2024-12-09
+  # ID:        RUSTSEC-2024-0421
+  # URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
+  # Solution:  Upgrade to >=1.0.0
+  # need to solve this depentant tree:
+  # jsonrpc-core-client v18.0.0 -> jsonrpc-client-transports v18.0.0 -> url v1.7.2 -> idna v0.1.5
+  --ignore RUSTSEC-2024-0421
+
   # tonic
   # When using tonic::transport::Server there is a remote DoS attack that can cause
   # the server to exit cleanly on accepting a tcp/tls stream.