mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
221a22bd7d
The yaml-rust dependency is unmaintained, but no suitable alternatives exist. We log an exception for this now and will revisit the topic after some time. Signed-off-by: Markus Rudy <mr@edgeless.systems>
9 lines
409 B
TOML
9 lines
409 B
TOML
[[IgnoredVulns]]
|
|
# yaml-rust is unmaintained.
|
|
# We tried the most promising alternative in https://github.com/kata-containers/kata-containers/pull/12509,
|
|
# but its literal quoting is not conformant.
|
|
id = "RUSTSEC-2024-0320"
|
|
ignoreUntil = 2026-10-01 # TODO(burgerdev): revisit yml library ecosystem
|
|
reason = "No alternative currently supports 'yes' strings correctly; genpolicy processes only trusted input."
|
|
|