fix(ci): add RUSTSEC-2026-0097 exception and fix gitleaks force-push #149
Merged
Destynova2 merged 1 commit into develop from Apr 11, 2026
- deny.toml: ignore RUSTSEC-2026-0097 (rand unsound with custom logger calling rand::rng()). No impact: grob does not define a custom logger accessing ThreadRng.
- ci.yml: for PRs, scan gitleaks against origin/<base-ref> instead of github.event.before. Force-pushes invalidate the "before" SHA, causing gitleaks to fail on a broken commit range. Using the base branch ref always resolves to a valid range.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
rand::rng()). No impact: grob does not define a custom logger accessing ThreadRng.
origin/<base-ref> instead of github.event.before. Force-pushes invalidate the "before" SHA, causing gitleaks to fail on a broken commit range. Using the base branch ref always resolves to a valid range.
Context
Unblocks PRs #146, #147, #148 which all fail on cargo deny (RUSTSEC-2026-0097) and gitleaks (false positive from force-push).
Test plan
cargo deny check advisories passes locally
🤖 Generated with Claude Code
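The range selection this PR describes, as an added example that is not the project's ci.yml: it goes beyond the PR case by also handling push events whose "before" SHA no longer resolves. The function names, the argument order and the full-history fallback are assumptions of this example, as is a checkout with full history so that origin/<base-ref> exists.

```shell
#!/bin/sh
# Added example (not from the repository): choose the commit range a secret
# scan should cover in CI.
# Arguments (names are assumptions of this example):
#   $1 event name (GITHUB_EVENT_NAME), $2 PR base branch (GITHUB_BASE_REF),
#   $3 the "before" SHA of a push event (github.event.before).

# GitHub reports an all-zero "before" SHA when a branch is newly created.
ZERO_SHA=0000000000000000000000000000000000000000

# True when the object exists locally as a commit. After a force-push the old
# "before" commit is normally absent from a fresh clone, so this check fails.
commit_exists() {
    git cat-file -e "$1^{commit}" 2>/dev/null
}

# Print a git revision range suitable for the scanner's git log options.
scan_range() {
    event=$1
    base_ref=$2
    before=$3
    case $event in
        pull_request)
            if [ -z "$base_ref" ]; then
                echo "scan_range: base ref missing for $event" >&2
                return 1
            fi
            # The base branch tip resolves regardless of force-pushes to the PR.
            printf '%s\n' "origin/${base_ref}..HEAD"
            ;;
        *)
            if [ -n "$before" ] && [ "$before" != "$ZERO_SHA" ] \
                && commit_exists "$before"; then
                printf '%s\n' "${before}..HEAD"
            else
                # Missing or rewritten "before": scan everything reachable
                # from HEAD rather than fail on a broken range.
                printf '%s\n' "HEAD"
            fi
            ;;
    esac
}

# Usage in a job step (BEFORE_SHA is a hypothetical variable set by the workflow):
#   range=$(scan_range "$GITHUB_EVENT_NAME" "$GITHUB_BASE_REF" "$BEFORE_SHA")
#   gitleaks detect --source . --log-opts="$range"
```

Falling back to the whole history costs scan time but never narrows coverage, which is the safer failure direction for a secret scan.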