chore: ignore unmaintained warning for net2 in cargo audit

`cargo audit` currently emits a warning that the `net2` crate is unmaintained. We only depend on `net2` as a transitive dependency of older versions of `mio`, which we depend on via `tokio` 0.1. `tracing-futures` has feature flags for supporting `tokio` 0.1, which we can't remove until the next breaking change. `tokio` 0.1 won't be updated, so as long as `tracing-futures` supports tokio 0.1, we can't really get rid of the `net2` dependency. Therefore, this commit adds a `.cargo/audit.toml` to just ignore the warning. It only effects users who are using compatibility features for *other* unmaintained libraries, anyway. Eventually, when we drop `tokio` 0.1 support entirely, we can remove the `ignore` for this warning.
tokio-rs · Aug 17, 2021 · 7279cf0 · 7279cf0
1 parent 20e1588
commit 7279cf0
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -0,0 +1,16 @@
+[advisories]
+ignore = [
+    # Unmaintained advisory for the `net2` crate.
+    #
+    # We ignore this, because `net2` is a transitive dependency of older
+    # versions of `mio`, which we depend on via `tokio` 0.1. `tokio` 0.1 won't
+    # be updated, so as long as `tracing-futures` supports tokio 0.1, we can't
+    # really get rid of the `net2` dependency.
+    #
+    # So, just ignore the warning. It only effects users who are using
+    # compatibility features for *other* unmaintained libraries, anyway.
+    #
+    # TODO: when `tracing-futures` drops support for `tokio` 0.1, we can remove
+    # the `ignore` for this warning, as we will no longer pull `net2`.
+    "RUSTSEC-2020-0016"
+]