Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1b708f8954
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| { id = "RUSTSEC-2024-0388", reason = "derivative is unmaintained; pulled in via starlark v0.13.0 used by execpolicy/cli/core; no fixed release yet" }, | ||
| { id = "RUSTSEC-2025-0057", reason = "fxhash is unmaintained; pulled in via starlark_map/starlark v0.13.0 used by execpolicy/cli/core; no fixed release yet" }, | ||
| { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained; pulled in via ratatui/rmcp/starlark used by tui/execpolicy; no fixed release yet" }, |
There was a problem hiding this comment.
Removing the ignore for RUSTSEC-2026-0002 will cause cargo deny check advisories to fail because the lockfile still contains lru 0.12.5 (see codex-rs/Cargo.lock around lines 4588–4595). Unless the dependency has been upgraded in the same commit, this change reintroduces a known advisory and will break the advisory check in CI.
Useful? React with 👍 / 👎.
bolinfest
changed the title
2 participants
While here, remove one advisory from
deny.tomlthat has been addressed (it was showing up as a warning).