Skip to content

Commit 8e22dfe

Browse files
fix(cargo-deny): add RUSTSEC-2025-0119 advisory exception and remove invalid --all-features flag
1 parent 6bbfede commit 8e22dfe

File tree

2 files changed

+11
-1
lines changed

2 files changed

+11
-1
lines changed

.github/workflows/ci.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -135,7 +135,6 @@ jobs:
135135
uses: EmbarkStudios/cargo-deny-action@v2
136136
with:
137137
command: check
138-
arguments: --all-features
139138
rust-version: "1.92"
140139

141140
test:

deny.toml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,17 @@ ignore = [
2424
# Alternative: Consider switching from rav1e when a suitable AV1 encoder alternative is available
2525
# Last reviewed: 2025-02-12
2626
"RUSTSEC-2024-0436",
27+
28+
# RUSTSEC-2025-0119: number_prefix crate is unmaintained
29+
# Justification: This is a transitive dependency from indicatif (via pklib -> wow-mpq).
30+
# The crate provides formatting for numbers with SI unit prefixes. It is used in progress bar
31+
# rendering for formatting large byte counts. The functionality is stable and the unmaintained
32+
# status does not pose security risks (no vulnerabilities reported).
33+
# Dependency tree: number_prefix -> indicatif -> pklib -> wow-mpq
34+
# Alternative: Could migrate to indicatif 0.18.x which uses unit-prefix, but this would require
35+
# updating pklib which is out of our control.
36+
# Last reviewed: 2025-02-16
37+
"RUSTSEC-2025-0119",
2738
]
2839

2940
[licenses]

0 commit comments

Comments
 (0)