chore(deps): ignore pinned aes/ctr/rand in dependabot (rsa 0.9 / interactsh compat)

hahwul · hahwul · commit 7d6a2979cb13 · 2026-06-14T20:13:38.000+09:00
These deps are intentionally version-pinned per Cargo.toml comments for OOB blind-XSS crypto (AES-CTR + RSA-OAEP). Major bumps break the build until the interactsh crypto layer and/or rsa dep are updated in tandem. Added ignores after closing incompatible Dependabot PRs #1138, #1137, #1136 (after local cargo check compatibility verification).
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -15,3 +15,11 @@ updates:
     schedule:
       interval: weekly
     target-branch: "main"
+    ignore:
+      # These are intentionally pinned (see Cargo.toml comments).
+      # rsa 0.9 requires older rand_core 0.6; aes/ctr/rand 0.8 line is required
+      # for OOB interactsh blind-XSS crypto (AES-256-CTR + RSA-OAEP).
+      # Bumping requires coordinated updates to interactsh/crypto.rs + rsa features.
+      - dependency-name: "aes"
+      - dependency-name: "ctr"
+      - dependency-name: "rand"
