mirror of
https://github.com/openai/codex.git
synced 2026-05-26 05:55:36 +00:00
5744b85b9a
Fix cargo deny by ack the `RUSTSEC` while a fix land
```
RUSTSEC-2026-0118
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
RUSTSEC-2026-0119
CPU exhaustion during message encoding due to O(n²) name compression
Dependency path:
hickory-proto 0.25.2
└── hickory-resolver 0.25.2
└── rama-dns 0.3.0-alpha.4
└── rama-tcp 0.3.0-alpha.4
└── codex-network-proxy
```
Also upgrade some workers version to prevent this:
```
warning[license-not-encountered]: license was not encountered
┌─ ./codex-rs/deny.toml:131:6
│
131 │ "OpenSSL",
│ ━━━━━━━ unmatched license allowance
warning[duplicate]: found 2 duplicate entries for crate 'base64'
┌─ /github/workspace/codex-rs/Cargo.lock:79:1
│
79 │ ╭ base64 0.21.7 registry+https://github.com/rust-lang/crates.io-index
80 │ │ base64 0.22.1 registry+https://github.com/rust-lang/crates.io-index
│ ╰───────────────────────────────────────────────────────────────────┘ lock entries
```
12 lines
784 B
TOML
12 lines
784 B
TOML
[advisories]
|
|
# Reviewed 2026-04-15. Keep this list in sync with ../deny.toml.
|
|
ignore = [
|
|
"RUSTSEC-2024-0388", # derivative 2.2.0 via starlark; upstream crate is unmaintained
|
|
"RUSTSEC-2025-0057", # fxhash 0.2.1 via starlark_map; upstream crate is unmaintained
|
|
"RUSTSEC-2024-0436", # paste 1.0.15 via starlark/ratatui; upstream crate is unmaintained
|
|
"RUSTSEC-2024-0320", # yaml-rust via syntect; remove when syntect drops or updates it
|
|
"RUSTSEC-2025-0141", # bincode via syntect; remove when syntect drops or updates it
|
|
"RUSTSEC-2026-0118", # hickory-proto via rama-dns/rama-tcp; remove when rama updates to hickory 0.26.1 or hickory-net
|
|
"RUSTSEC-2026-0119", # hickory-proto via rama-dns/rama-tcp; remove when rama updates to hickory 0.26.1 or hickory-net
|
|
]
|