Skip to content

Commit 96129c1

Browse files
committed
build: Exempt aho-corasick 1.1.4
It seems like everyone just decides to trust or exempt this crate. There are a few "safe-to-run" audits but no one really commits to an audit certifying "safe-to-deploy". I'm not content with this, but I definitely need way more time if I'm going to actually audit the whole thing. So for now, an exemption is preferred over "trusting" since it keeps the audit in my backlog. Signed-off-by: hashcatHitman <155700084+hashcatHitman@users.noreply.github.com>
1 parent 1f52e79 commit 96129c1

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

supply-chain/config.toml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,10 @@ url = "https://raw.githubusercontent.com/hashcatHitman/supply-chain/main/audits.
1313
[imports.mozilla]
1414
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
1515

16+
[[exemptions.aho-corasick]]
17+
version = "1.1.4"
18+
criteria = "safe-to-deploy"
19+
1620
[[exemptions.memchr]]
1721
version = "2.7.6"
1822
criteria = "safe-to-deploy"

0 commit comments

Comments
 (0)