1  # Cargo audit configuration
 2  # See: https://rustsec.github.io/cargo-audit/cargo-audit/config.html
 3  
 4  [advisories]
 5  # Vulnerabilities to ignore (with justification)
 6  ignore = [
 7      # RSA Marvin Attack - no fix available upstream
 8      # Risk mitigated: only affects RSA key recovery timing attacks,
 9      # not applicable to our SSH connection use case
10      "RUSTSEC-2023-0071",
11  
12      # idna Punycode validation - transitive from trust-dns-resolver
13      # Cannot upgrade until hickory-dns stabilizes
14      # Risk: minimal - only affects malformed Punycode domain labels
15      "RUSTSEC-2024-0421",
16  ]
17  
18  # Treat unmaintained crates as warnings, not errors
19  informational_warnings = ["unmaintained", "unsound"]