cargo_audit: Add an exception for RUSTSEC-2022-0093. (!1506) · Merge requests · The Tor Project / Core / Arti

Nick Mathewson requested to merge nickm/arti:cargo_audit_2022_0093 into main Aug 14, 2023

This is the API deficiency in ed25519-dalek v1 that allows you to mismatch public and private keys, leading to a (fatal) double-signing attack. We have worked around this in our current design, so it's appropriate to suppress this warning for now.

cargo_audit: Add an exception for RUSTSEC-2022-0093.

Merge request reports