Skip to content

fix: improve security advisory descriptions in deny.toml#408

Open
ygd58 wants to merge 2 commits intologos-blockchain:mainfrom
ygd58:fix/security-advisories-cargo-deny
Open

fix: improve security advisory descriptions in deny.toml#408
ygd58 wants to merge 2 commits intologos-blockchain:mainfrom
ygd58:fix/security-advisories-cargo-deny

Conversation

@ygd58
Copy link
Copy Markdown
Contributor

@ygd58 ygd58 commented Mar 26, 2026

Summary

Refs #321.

Improves the tracking comments for ignored security advisories in .deny.toml:

  • RUSTSEC-2025-0055 (tracing-subscriber): Clarified that v0.2.25 is pulled transitively by ark-relations v0.4.0. Fix requires upstream to upgrade to tracing-subscriber >=0.3.20.
  • RUSTSEC-2025-0141 (bincode): Documented recommended alternatives (postcard, bitcode, rkyv) for future migration.

These changes make it easier to track the status of each advisory and what action is needed.

Refs #321

@ygd58
fix: improve security advisory descriptions in deny.toml
6d2287b 
Improves tracking comments for ignored advisories per logos-blockchain#321:
- RUSTSEC-2025-0055: clarify that tracing-subscriber is pulled
  transitively by ark-relations v0.4.0 and needs upstream fix
- RUSTSEC-2025-0141: document bincode alternatives (postcard, bitcode, rkyv)

Refs logos-blockchain#321
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

external

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ygd58 @moudyellaz