
Commit 83fec7e

chore: Allow RUSTSEC-2024-0436 advisory
1 parent ae2954a commit 83fec7e

File tree

1 file changed

+20
-4
lines changed

deny.toml

Lines changed: 20 additions & 4 deletions
@@ -13,13 +13,26 @@ ignore = [
1313
# https://rustsec.org/advisories/RUSTSEC-2023-0071
1414
# "rsa" crate: Marvin Attack: potential key recovery through timing sidechannel
1515
#
16-
# No patch is yet available, however work is underway to migrate to a fully constant-time implementation
17-
# So we need to accept this, as of SDP 24.11 we are not using the rsa crate to create certificates used in production
18-
# setups.
16+
# No patch is yet available, however work is underway to migrate to a fully constant-time
17+
# implementation. So we need to accept this, as of SDP 24.11 we are not using the rsa crate to
18+
# create certificates used in production setups.
1919
#
2020
# TODO: Remove after https://github.com/RustCrypto/RSA/pull/394 is merged and v0.10.0 is released
2121
"RUSTSEC-2023-0071",
2222

23+
# https://rustsec.org/advisories/RUSTSEC-2024-0436
24+
# The "paste" crate is no longer maintained because the owner states that the implementation is
25+
# finished. There are at least two (forked) alternatives which state to be maintained. They'd
26+
# need to be vetted before a potential switch. Additionally, they'd need to be in a maintained
27+
# state for a couple of years to provide any benefit over using "paste".
28+
#
29+
# This crate is only used in a single place in the xtask package inside the declarative
30+
# "write_crd" macro. The impact of vulnerabilities, if any, should be fairly minimal.
31+
#
32+
# See thread: https://users.rust-lang.org/t/paste-alternatives/126787/4
33+
#
34+
# This can only be removed again if we decide to use a different crate.
35+
"RUSTSEC-2024-0436",
2336
]
2437

2538
[bans]
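Review bot: the new `"RUSTSEC-2024-0436"` entry (lines 23-35) has no removal condition beyond "if we decide to use a different crate", whereas the neighbouring `"RUSTSEC-2023-0071"` entry carries a `# TODO: Remove after ...` with a concrete trigger; an open-ended ignore for an unmaintained crate tends to become permanent, so consider adding a TODO that names a tracking issue and a review date (e.g. when the forks mentioned in the comment have been maintained long enough to vet), and, if the cargo-deny version in use supports the table form, moving the one-line rationale into `{ id = "RUSTSEC-2024-0436", reason = "..." }` so it shows up in `cargo deny check advisories` output rather than only in a comment. The justification could also be more precise about the risk class: `paste` is a proc-macro used only in the `xtask` package, so the exposure is build-time tooling (unfixed bugs in an unmaintained crate), not shipped runtime code, which is what "impact ... should be fairly minimal" is implicitly arguing. Minor: the rewrap of the `rsa` comment at lines 16-18 is unrelated whitespace churn in a commit whose message only mentions the new advisory.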
@@ -38,7 +51,10 @@ allow = [
3851
"LicenseRef-webpki",
3952
"MIT",
4053
"MPL-2.0",
41-
"OpenSSL", # Needed for the ring and/or aws-lc-sys crate. See https://github.com/stackabletech/operator-templating/pull/464 for details
54+
55+
# Needed for the ring and/or aws-lc-sys crate.
56+
# See https://github.com/stackabletech/operator-templating/pull/464 for details.
57+
"OpenSSL",
4258
"Unicode-3.0",
4359
"Unicode-DFS-2016",
4460
"Zlib",
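Review bot: the relocated comment (lines 55-56) still says "ring and/or aws-lc-sys", which leaves it unclear which dependency actually requires the `"OpenSSL"` license allowance; `cargo deny check licenses` reports the crate carrying that license, so name it explicitly, which makes it obvious when the entry can be dropped after a dependency change. Line 54 appears to introduce a blank line in the middle of the `allow` list, unlike the other entries; if it is only there to separate the comment block, a single comment line above `"OpenSSL",` is enough.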

0 commit comments