audit stuff

2026-03-05 09:27:59 -06:00
parent c61fe26713
commit a00f7c80fb
5 changed files with 41 additions and 23 deletions
--- a/deny.toml
+++ b/deny.toml
@@ -4,7 +4,18 @@ all-features = true
 [advisories]
 version = 2
 yanked = "deny"
-ignore = []
+ignore = [
+    # rsa v0.9.10 - Marvin Attack timing sidechannel (medium severity)
+    # Pulled in transitively by sqlx-mysql, which sqlx compiles unconditionally
+    # for its macro system. We only use PostgreSQL — the rsa code is never
+    # executed. No upstream fix available.
+    { id = "RUSTSEC-2023-0071", reason = "transitive via sqlx-mysql; we only use postgres" },
+
+    # rustls-pemfile v2.x - unmaintained
+    # Transitive dependency via lapin → amq-protocol-tcp → tcp-stream.
+    # No alternative available until lapin updates its TLS stack.
+    { id = "RUSTSEC-2025-0134", reason = "transitive via lapin TLS stack; no alternative" },
+]

 [licenses]
 version = 2
@@ -21,6 +32,8 @@ allow = [
    "CC0-1.0",
    "OpenSSL",
    "BSL-1.0",
+    "MIT-0",
+    "CDLA-Permissive-2.0",
 ]

 [bans]