codex

clone/codex

Fork 0

mirror of https://github.com/openai/codex.git synced 2026-05-13 15:52:40 +00:00

Commit Graph

Author	SHA1	Message	Date
jif-oai	5744b85b9a	fix: cargo deny (#20627 ) Fix cargo deny by ack the `RUSTSEC` while a fix land ``` RUSTSEC-2026-0118 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses RUSTSEC-2026-0119 CPU exhaustion during message encoding due to O(n²) name compression Dependency path: hickory-proto 0.25.2 └── hickory-resolver 0.25.2 └── rama-dns 0.3.0-alpha.4 └── rama-tcp 0.3.0-alpha.4 └── codex-network-proxy ``` Also upgrade some workers version to prevent this: ``` warning[license-not-encountered]: license was not encountered ┌─ ./codex-rs/deny.toml:131:6 │ 131 │ "OpenSSL", │ ━━━━━━━ unmatched license allowance warning[duplicate]: found 2 duplicate entries for crate 'base64' ┌─ /github/workspace/codex-rs/Cargo.lock:79:1 │ 79 │ ╭ base64 0.21.7 registry+https://github.com/rust-lang/crates.io-index 80 │ │ base64 0.22.1 registry+https://github.com/rust-lang/crates.io-index │ ╰───────────────────────────────────────────────────────────────────┘ lock entries ```	2026-05-01 18:15:38 +02:00
Josh McKinney	4ed4c73d6b	chore(ci): add cargo audit workflow and policy (#7108 ) - add to ignore current unmaintained advisories (derivative, fxhash, paste) so audits gate new issues only - introduce GitHub Actions workflow to run on push/PR using to install cargo-audit Existing advisories (all "unmaintained"): - https://rustsec.org/advisories/RUSTSEC-2024-0388 - https://rustsec.org/advisories/RUSTSEC-2025-0057 - https://rustsec.org/advisories/RUSTSEC-2024-0436	2025-11-24 12:20:55 -08:00

Author

SHA1

Message

Date

jif-oai

5744b85b9a

fix: cargo deny (#20627 )

Fix cargo deny by ack the `RUSTSEC` while a fix land
```
  RUSTSEC-2026-0118
  NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

  RUSTSEC-2026-0119
  CPU exhaustion during message encoding due to O(n²) name compression

  Dependency path:

  hickory-proto 0.25.2
  └── hickory-resolver 0.25.2
      └── rama-dns 0.3.0-alpha.4
          └── rama-tcp 0.3.0-alpha.4
              └── codex-network-proxy
```

Also upgrade some workers version to prevent this:
```
warning[license-not-encountered]: license was not encountered
    ┌─ ./codex-rs/deny.toml:131:6
    │
131 │     "OpenSSL",
    │      ━━━━━━━ unmatched license allowance

warning[duplicate]: found 2 duplicate entries for crate 'base64'
   ┌─ /github/workspace/codex-rs/Cargo.lock:79:1
   │
79 │ ╭ base64 0.21.7 registry+https://github.com/rust-lang/crates.io-index
80 │ │ base64 0.22.1 registry+https://github.com/rust-lang/crates.io-index
   │ ╰───────────────────────────────────────────────────────────────────┘ lock entries
```

2026-05-01 18:15:38 +02:00

Josh McKinney

4ed4c73d6b

chore(ci): add cargo audit workflow and policy (#7108 )

- add to ignore current unmaintained advisories (derivative, fxhash,
paste) so audits gate new issues only
- introduce GitHub Actions workflow to run on push/PR using to install
cargo-audit

Existing advisories (all "unmaintained"):
- https://rustsec.org/advisories/RUSTSEC-2024-0388
- https://rustsec.org/advisories/RUSTSEC-2025-0057
- https://rustsec.org/advisories/RUSTSEC-2024-0436

2025-11-24 12:20:55 -08:00

2 Commits