chore: mark known RustSec advisories as ignored pending upstream fixes

prajwolrg · prajwolrg · commit 8ab0ac8079d0 · 2026-03-17T16:13:08.000+05:45
Temporarily ignore known RustSec advisories that are blocked on upstream dependency fixes. Adds an audit.toml configuration and updates the security workflow to use it, keeping cargo audit noise low.
diff --git a/audit.toml b/audit.toml
@@ -0,0 +1,8 @@
+[advisories]
+ignore = [
+    # RUSTSEC-2025-0055 (tracing-subscriber 0.2.25)
+    # Pulled in via ark-relations.
+    # Upgrade blocked until upstream bumps tracing-subscriber >= 0.3.20.
+    # Low risk: affects ANSI escape sequences in logs only.
+    "RUSTSEC-2025-0055",
+]
