Address cargo audit failure RUSTSEC-2024-0437 (#7114)

Resolves #7091 The `prometheus` crate pulls in `protobuf 2.x` which fails cargo audit. We actually dont use any `protobuf` related features in LH. By disabling default features for `prometheus`, we no longer pull in the `protobuf` crate
2026-03-03 00:31:50 +00:00 · 2025-03-12 21:17:33 -06:00
parent 2c40f0b004
commit 3a555f571f
3 changed files with 2 additions and 9 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -6943,7 +6943,6 @@ dependencies = [
 "lazy_static",
 "memchr",
 "parking_lot 0.12.3",
 "protobuf",
 "thiserror 1.0.69",
 ]
@@ -7014,12 +7013,6 @@ dependencies = [
 "types",
 ]
 [[package]]
 name = "protobuf"
 version = "2.28.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
 [[package]]
 name = "psutil"
 version = "3.3.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -161,7 +161,7 @@ mockito = "1.5.0"
 num_cpus = "1"
 parking_lot = "0.12"
 paste = "1"
-prometheus = "0.13"
+prometheus = { version = "0.13", default-features = false }
 quickcheck = "1"
 quickcheck_macros = "1"
 quote = "1"
--- a/2
+++ b/2
@@ -250,7 +250,7 @@ install-audit:
 	cargo install --force cargo-audit
 audit-CI:
-	cargo audit --ignore RUSTSEC-2024-0437
+	cargo audit
 # Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose.
 vendor: