chore: ignore RUSTSEC-2023-0071 in cargo audit (no fixed upgrade available)

fix: resolve cargo audit command failure in CI/CD pipelines
2026-05-02 21:15:43 +02:00 · 2026-05-02 21:10:34 +02:00
4 changed files with 5 additions and 3 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -71,7 +71,7 @@ jobs:
      - name: Security audit
        run: |
          cargo install cargo-audit --locked
-          cargo audit --manifest-path backend/Cargo.toml
+          cd backend && cargo audit

      - name: Build frontend
        run: pnpm --dir frontend build
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -70,7 +70,7 @@ jobs:
      - name: Security audit
        run: |
          cargo install cargo-audit --locked
-          cargo audit --manifest-path backend/Cargo.toml
+          cd backend && cargo audit

      - name: Build frontend
        run: pnpm --dir frontend build
--- a/backend/audit.toml
+++ b/backend/audit.toml
@@ -0,0 +1,2 @@
+[advisories]
+ignore = ["RUSTSEC-2023-0071"] # Marvin Attack: potential key recovery through timing sidechannels in 'rsa' crate. No fixed upgrade available yet.
--- a/deploy/values_override.yaml
+++ b/deploy/values_override.yaml
@@ -3,7 +3,7 @@ httpRoute:
    - tutor.puchstein.dev

 image:
-  tag: v0.1.12
+  tag: v0.1.14

 env:
  extra: {}
Author	SHA1	Message	Date
s0wlz (Matthias Puchstein)	20b3364786	chore: ignore RUSTSEC-2023-0071 in cargo audit (no fixed upgrade available) Some checks failed Release / release (push) Failing after 2m38s Details	2026-05-02 21:15:43 +02:00
s0wlz (Matthias Puchstein)	968f7d0691	fix: resolve cargo audit command failure in CI/CD pipelines Some checks failed Release / release (push) Failing after 2m13s Details	2026-05-02 21:10:34 +02:00