fitzgen commented on issue #4837:
cc @bholley
fitzgen commented on issue #4837:
Good catch, thanks.
We don't use
peeking_take_while
in Wasmtime so we don't have an exemption for it to remove.I think maybe the reason that the
arbitrary
exemptions aren't being remove is that I audited the latest version but we use an older version inCargo.lock
?
fitzgen commented on issue #4837:
I think maybe the reason that the
arbitrary
exemptions aren't being remove is that I audited the latest version but we use an older version inCargo.lock
?Yeah, I added audits for the earlier versions and the exemptions go away now.
fitzgen commented on issue #4837:
Yep, done.
bholley commented on issue #4837:
Thanks!
I think maybe the reason that the arbitrary exemptions aren't being remove is that I audited the latest version but we use an older version in Cargo.lock?
My general recommendation for this situation (which we've run into as well) is to add an audit both for the latest version as well as the older version in tree.
And yes this PR should cover the ones Firefox is using, though while you're at it you might consider some of the other crates you own that have download stats in the millions.
Last updated: Dec 23 2024 at 12:05 UTC