barycenter

mirror of https://github.com/CloudNebulaProject/barycenter.git synced 2026-04-10 21:20:41 +00:00

History

Till Wegmueller 1e999a628a ci(security): ignore unfixable vulnerabilities in cargo audit Problem: - Security audit fails on vulnerabilities we cannot fix - RUSTSEC-2023-0071: RSA crate vulnerability (transitive dependency, no fix) - RUSTSEC-2025-0120: json5 unmaintained (transitive dependency) Solution: - Use --ignore flags to exclude known unfixable advisories - Keep continue-on-error as defense in depth - Document why each vulnerability is ignored These are transitive dependencies from openidconnect and config crates. We'll track updates to those crates that may resolve these issues. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-29 14:51:16 +01:00
..
workflows	ci(security): ignore unfixable vulnerabilities in cargo audit	2025-11-29 14:51:16 +01:00

Till Wegmueller 1e999a628a

ci(security): ignore unfixable vulnerabilities in cargo audit

Problem:
- Security audit fails on vulnerabilities we cannot fix
- RUSTSEC-2023-0071: RSA crate vulnerability (transitive dependency, no fix)
- RUSTSEC-2025-0120: json5 unmaintained (transitive dependency)

Solution:
- Use --ignore flags to exclude known unfixable advisories
- Keep continue-on-error as defense in depth
- Document why each vulnerability is ignored

These are transitive dependencies from openidconnect and config crates.
We'll track updates to those crates that may resolve these issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-29 14:51:16 +01:00

workflows

ci(security): ignore unfixable vulnerabilities in cargo audit

2025-11-29 14:51:16 +01:00