From 7279cf04fe7eb5b55776b2f06d19de4771dc903a Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Mon, 16 Aug 2021 11:02:39 -0700 Subject: [PATCH] chore: ignore unmaintained warning for `net2` in `cargo audit` `cargo audit` currently emits a warning that the `net2` crate is unmaintained. We only depend on `net2` as a transitive dependency of older versions of `mio`, which we depend on via `tokio` 0.1. `tracing-futures` has feature flags for supporting `tokio` 0.1, which we can't remove until the next breaking change. `tokio` 0.1 won't be updated, so as long as `tracing-futures` supports tokio 0.1, we can't really get rid of the `net2` dependency. Therefore, this commit adds a `.cargo/audit.toml` to just ignore the warning. It only effects users who are using compatibility features for *other* unmaintained libraries, anyway. Eventually, when we drop `tokio` 0.1 support entirely, we can remove the `ignore` for this warning. --- .cargo/audit.toml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .cargo/audit.toml diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 0000000000..cc904ee1a1 --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,16 @@ +[advisories] +ignore = [ + # Unmaintained advisory for the `net2` crate. + # + # We ignore this, because `net2` is a transitive dependency of older + # versions of `mio`, which we depend on via `tokio` 0.1. `tokio` 0.1 won't + # be updated, so as long as `tracing-futures` supports tokio 0.1, we can't + # really get rid of the `net2` dependency. + # + # So, just ignore the warning. It only effects users who are using + # compatibility features for *other* unmaintained libraries, anyway. + # + # TODO: when `tracing-futures` drops support for `tokio` 0.1, we can remove + # the `ignore` for this warning, as we will no longer pull `net2`. + "RUSTSEC-2020-0016" +] \ No newline at end of file