From 11e0ef5391b67fcb2efc4635c7051d488109d391 Mon Sep 17 00:00:00 2001
From: Alice Cecile <alice.i.cecile@gmail.com>
Date: Sun, 9 Mar 2025 16:17:29 -0400
Subject: [PATCH] Ignore unmaintained security advisory about paste for now
 (#18209)

# Objective

The `paste` crate is giving us [warnings in
CI](https://github.com/bevyengine/bevy/actions/runs/13751490200/job/38452998990?pr=18099)
via `cargo-deny` about being unmaintained.

This warning is quite noisy: making unrelated PRs seem like they have a
problem due to a job failing.

## Solution

Ignore the warning for now. There are multiple crates (accesskit, metal,
macro_rules_attribute, rmp) which are using this, and there's no clear
migration advice, even if we want to poke upstream to swap off.

Strategy for ignoring was taken from
https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.template.toml

## Testing

Let's see if CI works!

---------

Co-authored-by: andriyDev <andriydzikh@gmail.com>
---
 deny.toml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/deny.toml b/deny.toml
index 5373c938bc..7d76c70de0 100644
--- a/deny.toml
+++ b/deny.toml
@@ -3,7 +3,12 @@ all-features = true
 
 [advisories]
 version = 2
-ignore = []
+ignore = [
+  # paste was announced as unmaintained with no explanation or replacement
+  # See: https://rustsec.org/advisories/RUSTSEC-2024-0436
+  # Bevy relies on this in multiple indirect ways, so ignoring it is the only feasible current solution
+  "RUSTSEC-2024-0436",
+]
 
 [licenses]
 version = 2