Let cargo-deny ignore that the instant crate is unmaintained

This isn't a security issue yet, the `indicatif` crate should get rid of it eventually, and this isn't really actionable for us so let's ignore that informative advisory so that CI remains green (it's an optional CI check but the failure could mask real vulnerabilities and does also mark the CI run with a red cross on the GitHub UI). Thank you <[email protected]> for the nice copypasta commit message from the last deny unmaintained advisory. Signed-off-by: Nico Steinle <[email protected]>
ammernico · Nov 11, 2024 · 697cbdb · 697cbdb
1 parent 371e831
commit 697cbdb
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/deny.toml b/deny.toml
@@ -65,4 +65,11 @@ ignore = [
     # https://github.com/trishume/syntect/issues/537 is resolved (replace
     # yaml-rust with yaml-rust2):
     { id = "RUSTSEC-2024-0320", reason = "Only an informative advisory that the crate is unmaintained and the maintainer unreachable" },
+
+    # Ignore an "INFO Unmaintained" advisory for the instant crate
+    # that the "indicatif" crate uses. This can be removed once
+    # https://github.com/console-rs/indicatif/issues/665 is resolved
+    # (The dependency instant is no longer maintained -
+    # consider switching to web-time instead):
+    { id = "RUSTSEC-2024-0384", reason = "Only an informative advisory that the crate is unmaintained and the author recommends using the maintained web-time crate instead." },
 ]