diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 0000000..3b2313c --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,11 @@ +# cargo-audit configuration +# https://github.com/rustsec/rustsec/blob/main/cargo-audit/audit.toml.example + +[advisories] +ignore = [ + # proc-macro-error2 is unmaintained. It is pulled in transitively by + # tabled and validator (both at their latest published versions), so + # there is no upgrade path to remove it. Revisit when either crate + # drops the dependency. + "RUSTSEC-2026-0173", +] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 16bd02a..f8b7d0e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,9 @@ on: pull_request: types: [opened, synchronize, reopened] +permissions: + contents: read + jobs: test: runs-on: blacksmith-2vcpu-ubuntu-2404 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10ece11..fd596e3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: - "[0-9]+.[0-9]+.[0-9]*" permissions: - contents: write + contents: read jobs: build: @@ -78,6 +78,8 @@ jobs: name: Create release needs: build runs-on: blacksmith-2vcpu-ubuntu-2404 + permissions: + contents: write steps: - name: Download all artifacts diff --git a/Cargo.lock b/Cargo.lock index e168630..8a6cd88 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1710,9 +1710,9 @@ dependencies = [ [[package]] name = "quinn-proto" -version = "0.11.14" +version = "0.11.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e" dependencies = [ "aws-lc-rs", "bytes",