fix(ci): ignore RUSTSEC-2025-0066 and add deny.toml

Signed-off-by: Jeremiah Russell <jerry@jrussell.ie>
2026-03-13 08:40:24 +00:00
parent 38a0193010
commit a36c87301c
2 changed files with 32 additions and 0 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -58,6 +58,9 @@ workflows:
      - toolkit/security:
          name: security audit only
          sonarcloud: false
+          # RUSTSEC-2025-0066: google-apis-common unmaintained — core transitive
+          # dependency of google-gmail1; no maintained Gmail API alternative exists.
+          ignore_advisories: RUSTSEC-2025-0066
          filters:
            branches:
              only:
@@ -67,6 +70,9 @@ workflows:
      - toolkit/security:
          name: security with sonarcloud
          context: SonarCloud
+          # RUSTSEC-2025-0066: google-apis-common unmaintained — core transitive
+          # dependency of google-gmail1; no maintained Gmail API alternative exists.
+          ignore_advisories: RUSTSEC-2025-0066
          filters:
            branches:
              ignore:
--- a/deny.toml
+++ b/deny.toml
@@ -0,0 +1,26 @@
+# https://embarkstudios.github.io/cargo-deny/
+
+[advisories]
+ignore = [
+    # google-apis-common 8.0.0: project unmaintained (RUSTSEC-2025-0066).
+    # Core transitive dependency of google-gmail1 which is the only available
+    # Rust client for the Gmail API. No alternative available upstream.
+    { id = "RUSTSEC-2025-0066", reason = "transitive via google-gmail1; no maintained alternative for Gmail API access" },
+]
+
+[licenses]
+allow = [
+    "Apache-2.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "MIT",
+    "Unicode-3.0",
+]
+
+[bans]
+multiple-versions = "allow"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"