-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeny.toml
More file actions
19 lines (19 loc) · 918 Bytes
/
Copy pathdeny.toml
File metadata and controls
19 lines (19 loc) · 918 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# cargo-deny config. CI runs `cargo deny check advisories` against Cargo.lock
# (RustSec advisory DB) as a non-blocking signal — see .github/workflows/ci.yml.
# Add advisory IDs to `ignore` with a one-line rationale to silence a known,
# accepted finding.
[advisories]
version = 2
db-urls = ["https://github.com/rustsec/advisory-db"]
yanked = "warn"
ignore = [
# rsa (via openidconnect): Marvin timing sidechannel on RSA *decryption*.
# We only verify RS256 id_token/JWKS signatures with the IdP's public key —
# no private-key decryption — so the key-recovery attack doesn't apply. No
# fixed rsa release exists yet.
"RUSTSEC-2023-0071",
# ttf-parser (via charts-rs -> fontdue): author declared the crate
# unmaintained; no fixed release or drop-in replacement exists. Only used
# for server-side chart rendering of our own fonts, not untrusted input.
"RUSTSEC-2026-0192",
]