cargo audit was raising a warning for the serde_cbor dependency (which is used by criterion, so only in benchmarks) in this PR #181. The CI didn't fail because we don't run cargo audit with the --deny warnings flag enabled. This has to be fixed in rust-vmm-ci. In vm-memory we are ignoring this vulnerability until criterion fixes the issue: bheisler/criterion.rs#534.
cargo audit was raising a warning for the serde_cbor dependency (which is used by criterion, so only in benchmarks) in this PR #181. The CI didn't fail because we don't run cargo audit with the --deny warnings flag enabled. This has to be fixed in rust-vmm-ci. In vm-memory we are ignoring this vulnerability until criterion fixes the issue: bheisler/criterion.rs#534.