From c4b8465e9ebd3c3ea30e1125e26bad8da75fed21 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 22:49:58 +0000 Subject: [PATCH 1/2] Initial plan From 17e98dcc66081bf6dd43d136dd8f14e3b753384f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 22:58:40 +0000 Subject: [PATCH 2/2] fix: resolve security audit CI failure - add checks:write permission and ignore paste advisory Co-authored-by: bashandbone <89049923+bashandbone@users.noreply.github.com> Agent-Logs-Url: https://github.com/bashandbone/submod/sessions/c20905af-2852-47a7-9a49-a6f428e19086 --- .github/workflows/ci.yml | 7 +++++-- deny.toml | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb013b7..5332dfb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,12 +69,15 @@ jobs: security_audit: name: Security Audit runs-on: ubuntu-latest + permissions: + checks: write + contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4 - uses: rustsec/audit-check@v1.4.1 with: token: ${{ secrets.GITHUB_TOKEN }} - ignore: RUSTSEC-2024-0364 + ignore: RUSTSEC-2024-0364,RUSTSEC-2024-0436 coverage: name: Code Coverage diff --git a/deny.toml b/deny.toml index 127c971..cfeee2e 100644 --- a/deny.toml +++ b/deny.toml @@ -82,6 +82,7 @@ feature-depth = 1 # output a note when they are encountered. ignore = [ "RUSTSEC-2024-0364", # gitoxide-core does not neutralize special characters for terminals. No patched version available. + "RUSTSEC-2024-0436", # paste is unmaintained; it is a transitive dependency via rustls-ffi -> macro_rules_attribute and has no patched version or security impact. # "RUSTSEC-0000-0000", # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish