chore(audit): add advisory exceptions for RUSTSEC-2023-0071 and RUSTSEC-2024-0436 under [advisories] (timeboxed)

2026-04-24 19:55:48 -06:00 · 2025-11-09 07:59:10 +00:00 · 2025-11-09 07:59:10 +00:00 · a305cf3d6d
commit a305cf3d6d
parent a64bf18935
1 changed files with 14 additions and 14 deletions
--- a/deny.toml
+++ b/deny.toml
@ -4,20 +4,20 @@
 [advisories]
 # default uses the rustsec DB; keep empty to use defaults

+## Temporary advisory exceptions added by remediations/audit-2025-11-09
+## These exceptions are timeboxed and tracked in issues/TRACK-2025-11-09-RSA-PASTE.md
+
+[[advisories.exceptions]]
+id = "RUSTSEC-2023-0071"
+reason = "Transitive rsa = 0.9.8 (Marvin Attack); no safe published upgrade available at audit time. Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
+expires = "2026-02-01"
+
+[[advisories.exceptions]]
+id = "RUSTSEC-2024-0436"
+reason = "Transitive paste = 1.0.15 (unmaintained). Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
+expires = "2026-02-01"
+
 [licenses]
 # Allowlist of licenses. Edit to match project policy.
 allow = ["AGPL-3.0-only", "MIT", "Apache-2.0", "BSD-3-Clause"]
-## Temporary exceptions added by remediations/audit-2025-11-09
-## These exceptions are timeboxed and tracked in issues/TRACK-2025-11-09-RSA-PASTE.md
-
-[[licenses.exceptions]]
-crate = "rsa"
-version = "=0.9.8"
-reason = "RUSTSEC-2023-0071: no safe upgrade available; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
-expires = "2026-02-01"
-
-[[licenses.exceptions]]
-crate = "paste"
-version = "=1.0.15"
-reason = "RUSTSEC-2024-0436: unmaintained; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
-expires = "2026-02-01"
+exceptions = []