diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 2a39b72..345325a 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -12,13 +12,4 @@ ignore = [ # 2. Calls rand::rng() from within that logger # Neither condition applies to 5-spot. "RUSTSEC-2026-0097", - - # RUSTSEC-2026-0173: proc-macro-error2 is UNMAINTAINED (a maintenance-status - # advisory, not a vulnerability — no known exploit). It is a build-time proc-macro - # pulled transitively via jiff 0.2.29 -> defmt -> defmt-macros, and defmt is jiff's - # OPTIONAL embedded (no_std) feature: `cargo tree -e features -i defmt` reports - # "nothing to print" for the host target, so proc-macro-error2 is never compiled - # into the 5-Spot binary — it exists only as a Cargo.lock entry. Removal awaits - # upstream (kube bumping jiff, or defmt-macros dropping proc-macro-error2). - "RUSTSEC-2026-0173", ] diff --git a/deny.toml b/deny.toml index fd6b3ab..1361a12 100644 --- a/deny.toml +++ b/deny.toml @@ -43,13 +43,7 @@ name = "unicode-ident" [advisories] version = 2 yanked = "deny" -ignore = [ - # See .cargo/audit.toml for the full justification. proc-macro-error2 is - # UNMAINTAINED (not a vulnerability), reached only via jiff's optional `defmt` - # feature which is never compiled for the host target — kept in sync with - # .cargo/audit.toml so `cargo deny` and `cargo audit` agree. - "RUSTSEC-2026-0173", -] +ignore = [] # ───────────────────────────────────────────────────────────────────────────── # Bans — prevent multiple versions of the same crate and wildcard deps.