mirror of
https://github.com/aaif-goose/goose.git
synced 2026-07-03 14:10:03 +02:00
20 lines
688 B
TOML
20 lines
688 B
TOML
[advisories]
|
|
|
|
# Deny yanked crates to catch supply chain issues early.
|
|
yanked = "deny"
|
|
# Emulate cargo-audit which only checks vulnerabilities and yanked crates, not unmaintained/unsound.
|
|
unmaintained = "none"
|
|
unsound = "none"
|
|
|
|
ignore = [
|
|
# rsa: Marvin Attack timing sidechannel. No safe upgrade is available, and
|
|
# the reachable path is through jsonwebtoken.
|
|
"RUSTSEC-2023-0071",
|
|
|
|
# quick-xml: duplicate-attribute and namespace-declaration allocation issues.
|
|
# Current paths are through docx-rs, umya-spreadsheet, and bat/plist, and their
|
|
# latest releases do not yet expose a quick-xml >= 0.41.0 upgrade path.
|
|
"RUSTSEC-2026-0194",
|
|
"RUSTSEC-2026-0195",
|
|
]
|