From bb40c66eb0dddf86a04de08702562e10ccd3ece6 Mon Sep 17 00:00:00 2001
From: Joe Ranweiler <joranwei@microsoft.com>
Date: Mon, 18 Oct 2021 15:46:07 -0700
Subject: [PATCH] Temporarily ignore non-actionable `cargo audit` errors
 (#1365)

---
 src/ci/agent.sh | 12 +++++++-----
 src/ci/proxy.sh |  8 +++++---
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/ci/agent.sh b/src/ci/agent.sh
index 280211caa..926269f84 100755
--- a/src/ci/agent.sh
+++ b/src/ci/agent.sh
@@ -35,11 +35,13 @@ if [ X${CARGO_INCREMENTAL} == X ]; then
 fi
 
 cargo fmt -- --check
-# RUSTSEC-2020-0016: a dependency net2 (pulled in from tokio) is deprecated
-# RUSTSEC-2020-0036: a dependency failure (pulled from proc-maps) is deprecated
-# RUSTSEC-2019-0036: a dependency failure (pulled from proc-maps) has type confusion vulnerability
-# RUSTSEC-2021-0065: a dependency anymap is no longer maintained
-cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2020-0016 --ignore RUSTSEC-2020-0036 --ignore RUSTSEC-2019-0036 --ignore RUSTSEC-2021-0065
+# RUSTSEC-2020-0016: a dependency `net2` (pulled in from tokio) is deprecated
+# RUSTSEC-2020-0036: a dependency `failure` (pulled from proc-maps) is deprecated
+# RUSTSEC-2019-0036: a dependency `failure` (pulled from proc-maps) has type confusion vulnerability
+# RUSTSEC-2021-0065: a dependency `anymap` is no longer maintained
+# RUSTSEC-2020-0159: potential segfault in `time`, not yet patched (#1366)
+# RUSTSEC-2020-0071: potential segfault in `chrono`, not yet patched (#1366)
+cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2020-0016 --ignore RUSTSEC-2020-0036 --ignore RUSTSEC-2019-0036 --ignore RUSTSEC-2021-0065 --ignore RUSTSEC-2020-0159 --ignore RUSTSEC-2020-0071
 cargo-license -j > data/licenses.json
 cargo build --release --locked
 cargo clippy --release -- -D warnings
diff --git a/src/ci/proxy.sh b/src/ci/proxy.sh
index 10c9d7fce..532fbbc04 100755
--- a/src/ci/proxy.sh
+++ b/src/ci/proxy.sh
@@ -12,9 +12,11 @@ mkdir -p artifacts/proxy
 cd src/proxy-manager
 cargo fmt -- --check
 cargo clippy --release -- -D warnings
-# RUSTSEC-2020-0016: a dependency net2 (pulled in from tokio) is deprecated
-# RUSTSEC-2021-0065: a dependency anymap is no longer supported
-cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2020-0016 --ignore RUSTSEC-2021-0065
+# RUSTSEC-2020-0016: a dependency `net2` (pulled in from `tokio`) is deprecated
+# RUSTSEC-2021-0065: a dependency `anymap` is no longer supported
+# RUSTSEC-2020-0159: potential segfault in `time`, not yet patched (#1366)
+# RUSTSEC-2020-0071: potential segfault in `chrono`, not yet patched (#1366)
+cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2020-0016 --ignore RUSTSEC-2021-0065 --ignore RUSTSEC-2020-0159 --ignore RUSTSEC-2020-0071
 cargo-license -j > data/licenses.json
 cargo build --release --locked
 # export RUST_LOG=trace