-
-
Notifications
You must be signed in to change notification settings - Fork 10
25 lines (24 loc) · 1.27 KB
/
cargo-audit.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
name: Security audit
on:
schedule:
- cron: '51 6,18 * * *'
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
workflow_dispatch:
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: mv server/* .
- uses: rustsec/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
ignore: RUSTSEC-2023-0071,RUSTSEC-2024-0363,RUSTSEC-2024-0379,RUSTSEC-2024-0384,RUSTSEC-2024-0421
# RUSTSEC-2024-0421 = idna accepts Punycode labels that do not produce any non-ASCII when decoded => not used explitably
# RUSTSEC-2024-0384 = instant (Used via instant v0.1.13 > parking_lot v0.11.2 > sled v0.34.7 > cached v0.54.0) is unmaintained => Since `parking_lot`, `sled` and `cached` are maintained and the open issues in `instant` are wasm-related, I am going to close this
# RUSTSEC-2024-0379 = unsoundness in fast-float => only used in intialisation logic, fix in polars is in main and is awaiting release
# RUSTSEC-2024-0363 = Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts => caught by maximum request sizes
# RUSTSEC-2023-0071 = Marvin Attack: potential key recovery through timing sidechannels => not used explitably