Open
Description
Phase 3 umbrella tracking issue for temporary Rust advisory waivers in scripts/security/run-cargo-audit.sh.
Scope:
- Track mitigation ownership for all currently ignored RUSTSEC advisories.
- Enforce review date governance (current review target: 2026-03-01).
- Close or re-time-box each waiver with explicit owner and rationale.
Child issues:
- Security: Mitigate GTK3 advisory chain from Tauri Linux runtime #12 GTK3/Tauri Linux runtime advisory chain
- Security: Mitigate tauri-utils advisory chain (urlpattern/unic/fxhash) #13 tauri-utils advisory chain (urlpattern/unic*+fxhash)
- Security: Mitigate lancedb advisory chain (paste) #14 Lance/DataFusion advisory chain (paste)
- Security: Mitigate tantivy/lru unsound advisory chain #15 Tantivy/Lance advisory chain (lru)
Exit criteria:
- Remove waiver where feasible via upgrades/feature-pruning.
- For unresolved items, document explicit risk acceptance with owner, issue, and next review date.
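
One way a wrapper around cargo audit could enforce the owner, issue and review-date requirements listed above. This is an added example, not the project's run-cargo-audit.sh; the pipe-delimited waiver format, the file name waivers.txt, the owner names and the RUSTSEC-0000-000N advisory IDs are constructed placeholders.

```shell
#!/bin/sh
# Assumed waiver format (hypothetical, one per line):
#   ADVISORY_ID|OWNER|TRACKING_ISSUE|REVIEW_DATE|RATIONALE
# Advisory IDs and owners below are constructed placeholders.
SAMPLE_WAIVERS='# constructed sample data
RUSTSEC-0000-0001|alice|#12|2026-03-01|GTK3 pulled in by Tauri Linux runtime
RUSTSEC-0000-0002|bob|#14|2026-03-01|paste pulled in by lancedb
RUSTSEC-0000-0003||#15|2026-03-01|lru pulled in by tantivy
RUSTSEC-0000-0004|carol|#13|2025-12-01|tauri-utils chain'

# check_waivers WAIVER_TEXT TODAY(YYYY-MM-DD)
# stdout: "--ignore ID" flags for waivers that are complete and in date.
# stderr: one line per rejected waiver.
# Exit status is 0 only when every waiver passed.
check_waivers() (
  text=$1 today=$2 status=0 flags=""
  today_n=$(printf '%s' "$today" | tr -d '-')
  while IFS='|' read -r id owner issue review rationale; do
    case $id in ''|'#'*) continue ;; esac
    if [ -z "$owner" ] || [ -z "$issue" ] || [ -z "$rationale" ]; then
      echo "INVALID $id: owner, issue and rationale are required" >&2
      status=1; continue
    fi
    case $review in
      [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
      *) echo "INVALID $id: review date must be YYYY-MM-DD" >&2
         status=1; continue ;;
    esac
    # With the dashes removed, ISO dates compare correctly as integers.
    review_n=$(printf '%s' "$review" | tr -d '-')
    if [ "$review_n" -lt "$today_n" ]; then
      echo "EXPIRED $id: review was due $review (owner $owner, $issue)" >&2
      status=1; continue
    fi
    flags="$flags --ignore $id"
  done <<EOF
$text
EOF
  printf '%s\n' "${flags# }"
  [ "$status" -eq 0 ]
)

# Intended use in a CI wrapper: refuse to run with stale waivers.
#   flags=$(check_waivers "$(cat waivers.txt)" "$(date +%F)") || exit 1
#   cargo audit $flags
```

A waiver whose review date equals today still passes; it fails the gate from the following day, which forces the close-or-re-time-box decision.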