v3.0: Ignore security advisory from tracing-subscriber dep (#7846)

The only users of this dependency are crates that support test harnesses
such as solana-program-test; this is not used in production code
steviez 2 months ago
parent
commit
ddca2f97a9
1 changed files with 10 additions and 0 deletions

+ 10 - 0
ci/do-audit.sh

@@ -59,6 +59,16 @@ cargo_audit_ignores=(
   # URL:       https://rustsec.org/advisories/RUSTSEC-2024-0376
   # Solution:  Upgrade to >=0.12.3
   --ignore RUSTSEC-2024-0376
+
+  # === solana-banks-client / solana-banks-interface / solana-banks-server ===
+  # Crate:     tracing-subscriber
+  # Version:   0.3.7
+  # Title:     Logging user input may result in poisoning logs with ANSI escape sequences
+  # Date:      2025-08-29
+  # ID:        RUSTSEC-2025-0055
+  # URL:       https://rustsec.org/advisories/RUSTSEC-2025-0055
+  # Solution:  Upgrade to >=0.3.20
+  --ignore RUSTSEC-2025-0055
 )
 scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
 # we want the `cargo audit` exit code, not `$dep_tree_filter`'s
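
Review bot: The comment block above `--ignore RUSTSEC-2025-0055` records what the advisory is but not why it is acceptable to ignore; that rationale (tracing-subscriber is only reached through test-harness crates, not production code) exists only in the commit message. Add a comment line to the entry stating that reason and that the ignore should be removed once the dependency can move to >=0.3.20, so the exception does not outlive its justification. The section header also names solana-banks-client / solana-banks-interface / solana-banks-server while the commit message cites solana-program-test as the example user; make the two agree or note the dependency path so a later reader can re-verify that no production crate pulls in tracing-subscriber 0.3.7.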