
Commit 3fd5187

committed
chore: Copy complete deny.toml
1 parent d860bc3 commit 3fd5187

1 file changed

Lines changed: 32 additions & 0 deletions


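--- a/deny.toml
+++ b/deny.toml
@@ -15,6 +15,37 @@ targets = [
 [advisories]
 yanked = "deny"
 ignore = [
+# https://rustsec.org/advisories/RUSTSEC-2023-0071
+# "rsa" crate: Marvin Attack: potential key recovery through timing sidechannel
+#
+# No patch is yet available, however work is underway to migrate to a fully constant-time implementation.
+# So we need to accept this, as of SDP 26.3 we are "only" using the crate to create private +
+# public key pairs used by webhooks, such as conversion or mutating webhooks.
+#
+# https://github.com/RustCrypto/RSA/issues/19 is the tracking issue
+"RUSTSEC-2023-0071",
+
+# https://rustsec.org/advisories/RUSTSEC-2024-0436
+# The "paste" crate is no longer maintained because the owner states that the implementation is
+# finished. There are at least two (forked) alternatives which state to be maintained. They'd
+# need to be vetted before a potential switch. Additionally, they'd need to be in a maintained
+# state for a couple of years to provide any benefit over using "paste".
+#
+# This crate is only used in a single place in the xtask package inside the declarative
+# "write_crd" macro. The impact of vulnerabilities, if any, should be fairly minimal.
+#
+# See thread: https://users.rust-lang.org/t/paste-alternatives/126787/4
+#
+# This can only be removed again if we decide to use a different crate.
+"RUSTSEC-2024-0436",
+
+# https://rustsec.org/advisories/RUSTSEC-2026-0097
+# rand 0.8.5 is unsound when log+thread_rng features are enabled and a custom logger calls rand::rng().
+#
+# This version is pulled in transitively via num-bigint-dig -> rsa -> stackable-certs and cannot be
+# updated until the upstream rsa crate bumps its rand dependency.
+"RUSTSEC-2026-0097",
+
 # https://rustsec.org/advisories/RUSTSEC-2026-0173
 # The author of `proc-macro-error2` has [confirmed](https://github.com/GnomedDev/proc-macro-error-2/issues/17#issuecomment-4643215473)
 # that the crate is no longer maintained and recommends that users migrate away from it.
@@ -72,6 +103,7 @@ license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
 [sources]
 unknown-registry = "deny"
 unknown-git = "deny"
+allow-git = ["https://github.com/kube-rs/kube-rs"]
 
 [sources.allow-org]
 github = ["stackabletech"]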
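Review bot: The new `allow-git = ["https://github.com/kube-rs/kube-rs"]` entry in `[sources]` is the only addition in this commit without a rationale, while every `ignore` entry in the first hunk documents why it is accepted and when it can be removed. It is a standing exception to `unknown-git = "deny"` and matches on the repository URL only, so by itself it does not constrain which branch or commit a dependency resolves to. Since the file was copied wholesale, it is worth confirming that this workspace actually has a git dependency on kube-rs; if it does, add a comment such as `# kube-rs is pulled from git until <reason>; remove once a crates.io release is used`. If it is not already set in the part of the file outside this hunk, consider `required-git-spec = "rev"` so that git sources must be pinned to a commit.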
