Merge pull request #6479 from oasisprotocol/peternose/internal/clean-cve-list

peternose · web-flow · commit efa98287dd7e · 2026-03-24T16:29:25.000+01:00
go: Clean CVE list
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -1,5 +1,5 @@
 [advisories]
 ignore = [
     "RUSTSEC-2023-0071", # Does not affect our current use of the library.
-    "RUSTSEC-2024-0437", # Ignoring until dependencies are upgraded to protobuf v3.
+    "RUSTSEC-2026-0049", # Vulnerable crate is only used in simple-rofl test runtime.
 ]
diff --git a/.changelog/6479.internal.md b/.changelog/6479.internal.md
@@ -0,0 +1 @@
+rust: Add RUSTSEC-2026-0049 to audit.toml
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/go/.nancy-ignore b/go/.nancy-ignore
@@ -1,4 +1 @@
-CVE-2024-34478 # can be ignored as we only use a few crypto libraries from btcd
-CVE-2025-4673 until=2025-07-14  # no mitigation is currently available (2025-06-14)
 CVE-2021-43668 # the vulnerability does not affect us as we don't use LevelDB
-CVE-2025-11065 until=2025-12-01 # the vulnerability does not affect us

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`[advisories]`
`2`	`2`	`ignore = [`
`3`	`3`	`"RUSTSEC-2023-0071", # Does not affect our current use of the library.`
`4`		`- "RUSTSEC-2024-0437", # Ignoring until dependencies are upgraded to protobuf v3.`
	`4`	`+ "RUSTSEC-2026-0049", # Vulnerable crate is only used in simple-rofl test runtime.`
`5`	`5`	`]`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rust: Add RUSTSEC-2026-0049 to audit.toml`