forestia/bevy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ignore unmaintained security advisory about paste for now (#18209)

Browse Source 
# Objective

The `paste` crate is giving us [warnings in
CI](https://github.com/bevyengine/bevy/actions/runs/13751490200/job/38452998990?pr=18099)
via `cargo-deny` about being unmaintained.

This warning is quite noisy: making unrelated PRs seem like they have a
problem due to a job failing.

## Solution

Ignore the warning for now. There are multiple crates (accesskit, metal,
macro_rules_attribute, rmp) which are using this, and there's no clear
migration advice, even if we want to poke upstream to swap off.

Strategy for ignoring was taken from
https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.template.toml

## Testing

Let's see if CI works!

---------

Co-authored-by: andriyDev <andriydzikh@gmail.com>
This commit is contained in:
Alice Cecile 2025-03-09 16:17:29 -04:00 committed by GitHub
parent 09ff7ce9f6
commit 11e0ef5391
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
deny.toml
View File

@ -3,7 +3,12 @@ all-features = true
[advisories] [advisories]
version = 2 version = 2
ignore = [] ignore = [
# paste was announced as unmaintained with no explanation or replacement
# See: https://rustsec.org/advisories/RUSTSEC-2024-0436
# Bevy relies on this in multiple indirect ways, so ignoring it is the only feasible current solution
"RUSTSEC-2024-0436",
]
[licenses] [licenses]
version = 2 version = 2