Files
goose/deny.toml
2026-07-02 11:05:16 +00:00

20 lines
688 B
TOML

[advisories]
# Deny yanked crates to catch supply chain issues early.
yanked = "deny"
# Emulate cargo-audit which only checks vulnerabilities and yanked crates, not unmaintained/unsound.
unmaintained = "none"
unsound = "none"
ignore = [
# rsa: Marvin Attack timing sidechannel. No safe upgrade is available, and
# the reachable path is through jsonwebtoken.
"RUSTSEC-2023-0071",
# quick-xml: duplicate-attribute and namespace-declaration allocation issues.
# Current paths are through docx-rs, umya-spreadsheet, and bat/plist, and their
# latest releases do not yet expose a quick-xml >= 0.41.0 upgrade path.
"RUSTSEC-2026-0194",
"RUSTSEC-2026-0195",
]