chore(audit): add advisory exceptions for RUSTSEC-2023-0071 and RUSTSEC-2024-0436 under [advisories] (timeboxed)

3 months ago · a305cf3d6d
1 changed files with 12 additions and 12 deletions
--- a/deny.toml
+++ b/deny.toml
@ -4,20 +4,20 @@
 [advisories]
 # default uses the rustsec DB; keep empty to use defaults
-[licenses]
+## Temporary advisory exceptions added by remediations/audit-2025-11-09
 # Allowlist of licenses. Edit to match project policy.
 allow = ["AGPL-3.0-only", "MIT", "Apache-2.0", "BSD-3-Clause"]
 ## Temporary exceptions added by remediations/audit-2025-11-09
 ## These exceptions are timeboxed and tracked in issues/TRACK-2025-11-09-RSA-PASTE.md
-[[licenses.exceptions]]
+[[advisories.exceptions]]
-crate = "rsa"
+id = "RUSTSEC-2023-0071"
-version = "=0.9.8"
+reason = "Transitive rsa = 0.9.8 (Marvin Attack); no safe published upgrade available at audit time. Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 reason = "RUSTSEC-2023-0071: no safe upgrade available; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 expires = "2026-02-01"
-[[licenses.exceptions]]
+[[advisories.exceptions]]
-crate = "paste"
+id = "RUSTSEC-2024-0436"
-version = "=1.0.15"
+reason = "Transitive paste = 1.0.15 (unmaintained). Temporary exception to unblock CI; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 reason = "RUSTSEC-2024-0436: unmaintained; temporary exception; see issues/TRACK-2025-11-09-RSA-PASTE.md"
 expires = "2026-02-01"
 [licenses]
 # Allowlist of licenses. Edit to match project policy.
 allow = ["AGPL-3.0-only", "MIT", "Apache-2.0", "BSD-3-Clause"]
 exceptions = []