diff --git a/template/deny.toml b/template/deny.toml index 2c0138d0..1d140638 100644 --- a/template/deny.toml +++ b/template/deny.toml @@ -9,27 +9,6 @@ targets = [ [advisories] yanked = "deny" -ignore = [ - # https://rustsec.org/advisories/RUSTSEC-2023-0071 - # "rsa" crate: Marvin Attack: potential key recovery through timing sidechannel - # - # No patch is yet available, however work is underway to migrate to a fully constant-time implementation - # So we need to accept this, as of SDP 24.11 we are not using the rsa crate to create certificates used in production - # setups. - # - # TODO: Remove after https://github.com/RustCrypto/RSA/pull/394 is merged - "RUSTSEC-2023-0071", - - # https://rustsec.org/advisories/RUSTSEC-2024-0384 - # "instant" is unmaintained - # - # The upstream "kube" crate also silenced this in https://github.com/kube-rs/kube/commit/4f1e889f265da8f19f03f60683569cae1a154fda - # They/we are actively working on migrating kube from backoff to backon, which removes the transitive dependency on - # instant, in https://github.com/kube-rs/kube/pull/1652. - # - # TODO: Remove after https://github.com/kube-rs/kube/pull/1652 is merged - "RUSTSEC-2024-0384", -] [bans] multiple-versions = "allow"