From 381ab45d3abfb664b23fb9cac9d1155e64636447 Mon Sep 17 00:00:00 2001
From: Johannes Agricola
Date: Fri, 14 Mar 2025 22:20:10 +0100
Subject: [PATCH] Ignore RUSTSEC-2024-0436 (#2562)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cargo deny reports:
```
ID: RUSTSEC-2024-0436
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436
The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md) that this project is not longer maintained as well as archived the repository
Announcement: https://github.com/dtolnay/paste
Solution: No safe upgrade is available!
paste v1.0.15 └── ratatui v0.29.0 ├── gitui v0.27.0 └── tui-textarea v0.7.0 └── gitui v0.27.0 (*)
```
In https://github.com/gitui-org/gitui/issues/2554 the decision was made to ignore this advisory, as ratatui already has removed paste in https://github.com/ratatui/ratatui/pull/1713 and we are just waiting for an upstream release.
Co-authored-by: Naseschwarz
---
 deny.toml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/deny.toml b/deny.toml
index aeed921d..cc1074c3 100644
--- a/deny.toml
+++ b/deny.toml
@@ -13,9 +13,15 @@ allow = [
 
 [advisories]
 version = 2
-# No fix for RSA, and this is a dependency from ssh_key crate to handle rsa ssh key.
-# https://rustsec.org/advisories/RUSTSEC-2023-0071
-ignore = ["RUSTSEC-2023-0071"]
+ignore = [
+ # No fix for RSA, and this is a dependency from ssh_key crate to handle rsa ssh key.
+ # https://rustsec.org/advisories/RUSTSEC-2023-0071
+ "RUSTSEC-2023-0071",
+ # Crate paste is unmaintained. The dependency is already removed in
+ # ratatui:master. Until a new release is available, ignore this in
+ # order to pass CI. (https://github.com/gitui-org/gitui/issues/2554)
+ { id = "RUSTSEC-2024-0436", reason = "The paste dependency is already removed from ratatui." }
+]
 
 [bans]
 multiple-versions = "deny"
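Review bot: The new `RUSTSEC-2024-0436` entry in `ignore` has no removal condition recorded next to it: the comment says "until a new release is available", but an advisory ID in `ignore` suppresses the finding for every path to `paste`, not only the one through ratatui, and it will keep doing so after the upgrade unless someone remembers to delete it. The dependency tree in the commit message shows `paste` also arriving through tui-textarea's use of ratatui v0.29.0, so the entry can presumably only be dropped once both crates are on a paste-free ratatui; I would state that in the comment, e.g. `# Remove once ratatui and tui-textarea resolve to a ratatui release without paste.` For consistency, the older entry could use the same structured form, `{ id = "RUSTSEC-2023-0071", reason = "No fix available; pulled in via ssh_key for RSA keys." }`, so both exceptions carry their justification the same way. A trailing comma after the last element would also keep future additions to a one-line diff.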