deb71f7583
`cargo audit` currently emits a warning that the `net2` crate is unmaintained. We only depend on `net2` as a transitive dependency of older versions of `mio`, which we depend on via `tokio` 0.1. `tracing-futures` has feature flags for supporting `tokio` 0.1, which we can't remove until the next breaking change. `tokio` 0.1 won't be updated, so as long as `tracing-futures` supports tokio 0.1, we can't really get rid of the `net2` dependency. Therefore, this commit adds a `.cargo/audit.toml` to just ignore the warning. It only effects users who are using compatibility features for *other* unmaintained libraries, anyway. Eventually, when we drop `tokio` 0.1 support entirely, we can remove the `ignore` for this warning.
16 lines
No EOL
690 B
TOML
16 lines
No EOL
690 B
TOML
[advisories]
|
|
ignore = [
|
|
# Unmaintained advisory for the `net2` crate.
|
|
#
|
|
# We ignore this, because `net2` is a transitive dependency of older
|
|
# versions of `mio`, which we depend on via `tokio` 0.1. `tokio` 0.1 won't
|
|
# be updated, so as long as `tracing-futures` supports tokio 0.1, we can't
|
|
# really get rid of the `net2` dependency.
|
|
#
|
|
# So, just ignore the warning. It only effects users who are using
|
|
# compatibility features for *other* unmaintained libraries, anyway.
|
|
#
|
|
# TODO: when `tracing-futures` drops support for `tokio` 0.1, we can remove
|
|
# the `ignore` for this warning, as we will no longer pull `net2`.
|
|
"RUSTSEC-2020-0016"
|
|
] |