From c699cc9b5bda5b4c239de1b419afd23eb6430835 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrzej=20Bro=C5=84ski?= <andrzej1_1@o2.pl>
Date: Wed, 12 Jun 2024 14:03:22 +0200
Subject: [PATCH] Ignore RUSTSEC-2022-0054 caused by `wee_alloc`.

---
 flake.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/flake.nix b/flake.nix
index 2a550013..acda68de 100644
--- a/flake.nix
+++ b/flake.nix
@@ -189,6 +189,10 @@
             kairos-contracts-audit = craneLib.cargoAudit {
               inherit (kairosContractsAttrs) src;
               advisory-db = inputs.advisory-db;
+              # Default values from https://crane.dev/API.html?highlight=cargoAudit#cranelibcargoaudit
+              # FIXME --ignore RUSTSEC-2022-0093 ignores ed25519-dalek 1.0.1 vulnerability caused by introducing casper-client 2.0.0
+              # FIXME --ignore RUSTSEC-2022-0054 wee_alloc is Unmaintained caused by introducing casper-contract
+              cargoAuditExtraArgs = "--ignore yanked --deny warnings --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2022-0054";
             };
           };