Skip to content

Commit 2454a6b

Browse files
committed
build: Exempt syn 2.0.114
It seems like everyone just decides to trust or exempt this crate. There are a few "safe-to-run" audits but no one really commits to an audit certifying "safe-to-deploy". I'm not content with this, but I definitely need way more time if I'm going to actually audit the whole thing. So for now, an exemption is preferred over "trusting" since it keeps the audit in my backlog. Signed-off-by: hashcatHitman <155700084+hashcatHitman@users.noreply.github.com>
1 parent f9c6687 commit 2454a6b

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

supply-chain/config.toml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,3 +28,7 @@ criteria = "safe-to-deploy"
2828
[[exemptions.regex-automata]]
2929
version = "0.4.13"
3030
criteria = "safe-to-deploy"
31+
32+
[[exemptions.syn]]
33+
version = "2.0.114"
34+
criteria = "safe-to-deploy"

0 commit comments

Comments
 (0)