solana/ci/do-audit.sh

#!/usr/bin/env bash

set -e

here="$(dirname "$0")"
src_root="$(readlink -f "${here}/..")"

cd "${src_root}"

cargo_audit_ignores=(
  # `net2` crate has been deprecated; use `socket2` instead
  #
  # Blocked on https://github.com/paritytech/jsonrpc/issues/575
  --ignore RUSTSEC-2020-0016

  # stdweb is unmaintained
  #
  # Blocked on multiple upstream crates removing their `stdweb` dependency.
  --ignore RUSTSEC-2020-0056

  # Potential segfault in the time crate
  #
  # Blocked on multiple crates updating `time` to >= 0.2.23
  --ignore RUSTSEC-2020-0071

  # generic-array: arr! macro erases lifetimes
  #
  # Blocked on new spl dependencies on solana-program v1.9
  # due to curve25519-dalek dependency
  --ignore RUSTSEC-2020-0146

  # chrono: Potential segfault in `localtime_r` invocations
  #
  # Blocked due to no safe upgrade
  # https://github.com/chronotope/chrono/issues/499
  --ignore RUSTSEC-2020-0159

)
scripts/cargo-for-all-lock-files.sh stable audit "${cargo_audit_ignores[@]}"
ci: checks - factor out audit so it can run independently 2021-02-28 12:55:31 -07:00			`#!/usr/bin/env bash`

			`set -e`

			`here="$(dirname "$0")"`
			`src_root="$(readlink -f "${here}/..")"`

			`cd "${src_root}"`

			`cargo_audit_ignores=(`
			# `net2` crate has been deprecated; use `socket2` instead
			`#`
			`# Blocked on https://github.com/paritytech/jsonrpc/issues/575`
			`--ignore RUSTSEC-2020-0016`

			`# stdweb is unmaintained`
			`#`
			# Blocked on multiple upstream crates removing their `stdweb` dependency.
			`--ignore RUSTSEC-2020-0056`

			`# Potential segfault in the time crate`
			`#`
			# Blocked on multiple crates updating `time` to >= 0.2.23
			`--ignore RUSTSEC-2020-0071`

			`# generic-array: arr! macro erases lifetimes`
			`#`
Remove unneeded jsonrpc dependencies/features; update do-audit (#23436) * Update generic-array note * Remove unneeded jsonrpc deps * Remove unneeded jsonrpc features * Rewrite slot-update test without websocket crate * Rewrite rpc-subscription test without websocket crate, and remove jsonrpc deps * Update expected balance to accommodate rent-exempt minimum transfer amount * Remove obsolete audit ignores 2022-03-02 01:42:01 -07:00			`# Blocked on new spl dependencies on solana-program v1.9`
			`# due to curve25519-dalek dependency`
ci: checks - factor out audit so it can run independently 2021-02-28 12:55:31 -07:00			`--ignore RUSTSEC-2020-0146`

Ignore RUSTSEC-2020-0159 2021-10-18 15:29:12 -05:00			# chrono: Potential segfault in `localtime_r` invocations
			`#`
			`# Blocked due to no safe upgrade`
			`# https://github.com/chronotope/chrono/issues/499`
			`--ignore RUSTSEC-2020-0159`

ci: checks - factor out audit so it can run independently 2021-02-28 12:55:31 -07:00			`)`
Speed up net.sh builds (#16360) * Speed up net.sh builds * feedback * Update net/net.sh Co-authored-by: Tyera Eulberg <teulberg@gmail.com> * feedback * fix Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com> Co-authored-by: Tyera Eulberg <teulberg@gmail.com> 2021-04-07 14:45:03 +08:00			`scripts/cargo-for-all-lock-files.sh stable audit "${cargo_audit_ignores[@]}"`