Skip to content

Commit f9c6687

Browse files
committed
build: Exempt regex 1.12.2
It seems like everyone just decides to trust or exempt this crate. There are a few "safe-to-run" audits but no one really commits to an audit certifying "safe-to-deploy". I'm not content with this, but I definitely need way more time if I'm going to actually audit the whole thing. So for now, an exemption is preferred over "trusting" since it keeps the audit in my backlog. Signed-off-by: hashcatHitman <155700084+hashcatHitman@users.noreply.github.com>
1 parent 0e3a7bd commit f9c6687

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

supply-chain/config.toml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,10 @@ criteria = "safe-to-deploy"
2121
version = "2.7.6"
2222
criteria = "safe-to-deploy"
2323

24+
[[exemptions.regex]]
25+
version = "1.12.2"
26+
criteria = "safe-to-deploy"
27+
2428
[[exemptions.regex-automata]]
2529
version = "0.4.13"
2630
criteria = "safe-to-deploy"

0 commit comments

Comments
 (0)