From a305cf3d6dd1ccffc9c66707df7766a0498256df Mon Sep 17 00:00:00 2001
From: kalvinparker <106995826+kalvinparker@users.noreply.github.com>
Date: Sun, 9 Nov 2025 07:59:10 +0000
Subject: [PATCH] chore(audit): add advisory exceptions for RUSTSEC-2023-0071 and RUSTSEC-2024-0436 under [advisories] (timeboxed)
---
 deny.toml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/deny.toml b/deny.toml
index e353846a..003f0678 100644
--- a/deny.toml
+++ b/deny.toml
@@ -4,20 +4,20 @@
 [advisories]
 # default uses the rustsec DB; keep empty to use defaults
-[licenses]
-# Allowlist of licenses. Edit to match project policy.
-allow = ["AGPL-3.0-only", "MIT", "Apache-2.0", "BSD-3-Clause"]
-## Temporary exceptions added by remediations/audit-2025-11-09
+## Temporary advisory exceptions added by remediations/audit-2025-11-09
 ## These exceptions are timeboxed and tracked in issues/TRACK-2025-11-09-RSA-PASTE.md
-[[licenses.exceptions]]
-crate = "rsa"
-version = "=0.9.8"
-reason = "RUSTSEC-2023-0071: no safe upgrade available; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
+[[advisories.exceptions]]
+id = "RUSTSEC-2023-0071"
+reason = "Transitive rsa = 0.9.8 (Marvin Attack); no safe published upgrade available at audit time. Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 expires = "2026-02-01"
-[[licenses.exceptions]]
-crate = "paste"
-version = "=1.0.15"
-reason = "RUSTSEC-2024-0436: unmaintained; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
+[[advisories.exceptions]]
+id = "RUSTSEC-2024-0436"
+reason = "Transitive paste = 1.0.15 (unmaintained). Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 expires = "2026-02-01"
+
+[licenses]
+# Allowlist of licenses. Edit to match project policy.
+allow = ["AGPL-3.0-only", "MIT", "Apache-2.0", "BSD-3-Clause"]
+exceptions = []
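Review bot: The two added `[[advisories.exceptions]]` tables (keys `id`, `reason`, `expires`) do not match cargo-deny's `[advisories]` schema as I know it, where advisories are waived through the `ignore` array. Depending on the cargo-deny version this is likely either a config error or an unused-key warning, and in neither case would RUSTSEC-2023-0071 or RUSTSEC-2024-0436 be suppressed. I also know of no built-in expiry, so `expires = "2026-02-01"` would be a note for humans rather than an enforced timebox; the deadline needs a scheduled CI check or the tracking issue to back it. Because RUSTSEC-2023-0071 is a timing side channel on RSA private-key operations, the reason string should also name the dependency that pulls in `rsa` and say whether private-key operations are reachable by a remote party. The existing comment `# default uses the rustsec DB; keep empty to use defaults` should be reworded now that the section is no longer empty; a sketch of the `ignore` form follows, to be confirmed against the cargo-deny version pinned in CI.

```toml
[advisories]
# Timeboxed waivers; review by 2026-02-01 (issues/TRACK-2025-11-09-RSA-PASTE.md).
# NOTE(review): expiry is not enforced by the tool as far as I know; track it in CI or the issue.
ignore = [
    { id = "RUSTSEC-2023-0071", reason = "Transitive rsa = 0.9.8 (Marvin Attack); no safe published upgrade available at audit time; see issues/TRACK-2025-11-09-RSA-PASTE.md" },
    { id = "RUSTSEC-2024-0436", reason = "Transitive paste = 1.0.15 (unmaintained); see issues/TRACK-2025-11-09-RSA-PASTE.md" },
]
# … unchanged: [licenses] allowlist and exceptions = [] …
```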