Two advisories are currently ignored in src-tauri/.cargo/audit.toml because no fixed upstream version is available:
- RUSTSEC-2023-0071 – RSA Marvin timing side-channel in rsa 0.9.10 via underskrift / tsp-ltv (PAdES signing path).
- RUSTSEC-2024-0429 – unsoundness in glib::VariantStrIter from Tauri's webkit2gtk/wry GTK stack.
This issue tracks checking upstream for fixes and removing the allow-list entries once patched versions are released. Run cd src-tauri && cargo audit without the ignores periodically to see if they become actionable.
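One way to automate the periodic check, as an added example that is not part of the original issue or the project's code: it reads the ignore list from the text of audit.toml and sorts each id by what a `cargo audit --json` report says about it. It assumes the report comes from a run with the ignore entries disabled and has the layout shown in the constructed sample; the function names and sample data are hypothetical.

```python
import json
import re

def ignored_ids(audit_toml_text):
    """Return the RUSTSEC ids quoted in audit.toml, skipping # comments."""
    text = re.sub(r"#.*", "", audit_toml_text)
    return sorted(set(re.findall(r'"(RUSTSEC-\d{4}-\d{4})"', text)))

def classify(ignored, report):
    """Map each ignored id to 'stale', 'fix-available' or 'no-fix'."""
    # Assumed layout: vulnerabilities.list plus warnings grouped by kind.
    entries = list(report.get("vulnerabilities", {}).get("list", []))
    for group in report.get("warnings", {}).values():
        entries.extend(group)
    patched = {}
    for entry in entries:
        advisory = entry.get("advisory") or {}
        if "id" in advisory:
            versions = entry.get("versions") or {}
            patched[advisory["id"]] = versions.get("patched", [])
    result = {}
    for rid in ignored:
        if rid not in patched:
            result[rid] = "stale"          # no longer reported: drop the ignore
        elif patched[rid]:
            result[rid] = "fix-available"  # upgrade, then drop the ignore
        else:
            result[rid] = "no-fix"         # keep the ignore for now
    return result

# Constructed sample mirroring the state described in the issue.
SAMPLE_TOML = '''[advisories]
ignore = [
    "RUSTSEC-2023-0071",  # rsa
    "RUSTSEC-2024-0429",  # glib
]
'''
SAMPLE_REPORT = json.loads('''{
  "vulnerabilities": {"found": true, "count": 1, "list": [
    {"advisory": {"id": "RUSTSEC-2023-0071", "package": "rsa"},
     "versions": {"patched": [], "unaffected": []}}]},
  "warnings": {"unsound": [
    {"kind": "unsound",
     "advisory": {"id": "RUSTSEC-2024-0429", "package": "glib"},
     "versions": {"patched": [], "unaffected": []}}]}
}''')

if __name__ == "__main__":
    for rid, state in classify(ignored_ids(SAMPLE_TOML), SAMPLE_REPORT).items():
        print(rid, state)
```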