Ignore RUSTSEC-2024-0436 (#2562)

naseschwarz · Naseschwarz · web-flow · commit 381ab45d3abf · 2025-03-14T22:20:10.000+01:00
cargo deny reports: ``` ID: RUSTSEC-2024-0436 Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436 The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md) that this project is not longer maintained as well as archived the repository Announcement: https://github.com/dtolnay/paste Solution: No safe upgrade is available! paste v1.0.15 └── ratatui v0.29.0 ├── gitui v0.27.0 └── tui-textarea v0.7.0 └── gitui v0.27.0 (*) ``` In #2554 the decision was made to ignore this advisory, as ratatui already has removed paste in ratatui/ratatui#1713 and we are just waiting for an upstream release. Co-authored-by: Naseschwarz <naseschwarz@0x53a.de>
diff --git a/deny.toml b/deny.toml
@@ -13,9 +13,15 @@ allow = [
 
 [advisories]
 version = 2
-# No fix for RSA, and this is a dependency from ssh_key crate to handle rsa ssh key.
-# https://rustsec.org/advisories/RUSTSEC-2023-0071
-ignore = ["RUSTSEC-2023-0071"]
+ignore = [
+    # No fix for RSA, and this is a dependency from ssh_key crate to handle rsa ssh key.
+    # https://rustsec.org/advisories/RUSTSEC-2023-0071
+    "RUSTSEC-2023-0071",
+    # Crate paste is unmaintained. The dependency is already removed in
+    # ratatui:master. Until a new release is available, ignore this in
+    # order to pass CI. (https://github.com/gitui-org/gitui/issues/2554)
+    { id = "RUSTSEC-2024-0436", reason = "The paste dependency is already removed from ratatui." }
+]
 
 [bans]
 multiple-versions = "deny"
