Ignore unmaintained security advisory about paste for now (#18209)

# Objective The `paste` crate is giving us [warnings in CI](https://github.com/bevyengine/bevy/actions/runs/13751490200/job/38452998990?pr=18099) via `cargo-deny` about being unmaintained. This warning is quite noisy: making unrelated PRs seem like they have a problem due to a job failing. ## Solution Ignore the warning for now. There are multiple crates (accesskit, metal, macro_rules_attribute, rmp) which are using this, and there's no clear migration advice, even if we want to poke upstream to swap off. Strategy for ignoring was taken from https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.template.toml ## Testing Let's see if CI works! --------- Co-authored-by: andriyDev <andriydzikh@gmail.com>
2025-03-09 16:17:29 -04:00 · 2025-03-09 16:17:29 -04:00 · 11e0ef5391
commit 11e0ef5391
parent 09ff7ce9f6
1 changed files with 6 additions and 1 deletions
--- a/deny.toml
+++ b/deny.toml
@ -3,7 +3,12 @@ all-features = true

 [advisories]
 version = 2
-ignore = []
+ignore = [
+  # paste was announced as unmaintained with no explanation or replacement
+  # See: https://rustsec.org/advisories/RUSTSEC-2024-0436
+  # Bevy relies on this in multiple indirect ways, so ignoring it is the only feasible current solution
+  "RUSTSEC-2024-0436",
+]

 [licenses]
 version = 2