Files
wehub-resource-sync d68f003000
CI / Change detection (push) Has been cancelled
CI / Version drift (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Workflow RLM cache (push) Has been cancelled
CI / Test (macos-latest) (push) Has been cancelled
CI / Test (ubuntu-latest) (push) Has been cancelled
CI / Test (windows-latest) (push) Has been cancelled
CI / npm wrapper smoke (push) Has been cancelled
CI / Mobile runtime smoke (push) Has been cancelled
CI / Workflow lint (push) Has been cancelled
CI / Documentation (push) Has been cancelled
Web Frontend / Lint & Type Check (push) Failing after 1s
Auto-close harvested PRs / close (push) Failing after 1s
cargo-deny / cargo-deny (bans licenses sources) (push) Failing after 1s
Security audit / cargo-audit (push) Failing after 1s
Sync to CNB / sync (push) Failing after 1s
Web Frontend / Deploy to Cloudflare (push) Waiting to run
cargo-deny / cargo-deny (advisories) (push) Failing after 3s
chore: import upstream snapshot with attribution
2026-07-13 12:08:23 +08:00

22 lines
1.1 KiB
TOML

# cargo-audit configuration (read by `cargo audit`).
#
# The advisories below are all "unmaintained" warnings — NOT security
# vulnerabilities. Each crate is pulled in transitively only by the `starlark`
# 0.13.0 family (starlark / starlark_syntax / starlark_map), which crates/tui
# depends on directly for Starlark execpolicy files.
# `cargo tree -i <crate>` confirms starlark is the sole path for each.
#
# There is no fix available without an upstream `starlark` release that drops
# these deps, and none is exploitable here. They are accepted for now and
# tracked in this file so `cargo audit` stays clean for genuinely new advisories.
# Remove an entry once a starlark upgrade/removal drops the transitive dep
# (re-check with `cargo tree -i derivative` and `cargo audit`).
#
# Audit #11, scratchpad/bug-audit-2026-06-24.md.
[advisories]
ignore = [
"RUSTSEC-2024-0388", # derivative 2.2.0 unmaintained — transitive via starlark 0.13.0
"RUSTSEC-2025-0057", # fxhash 0.2.1 unmaintained — transitive via starlark_map 0.13.0
"RUSTSEC-2024-0436", # paste 1.0.15 unmaintained — transitive via starlark 0.13.0
]