From b43be773046e34f15a78a5e65dff2c1f978efb9f Mon Sep 17 00:00:00 2001
From: Nando Vieira
Date: Tue, 14 Apr 2026 15:14:05 -0700
Subject: [PATCH 1/2] Allowlist cargo deny rand advisory.
---
 deny.toml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/deny.toml b/deny.toml
index 1fba94faf..8d436f4f3 100644
--- a/deny.toml
+++ b/deny.toml
@@ -35,6 +35,7 @@ ignore = [
 "RUSTSEC-2024-0436", # paste is no longer maintained
 "RUSTSEC-2025-0052", # async-std has been discontinued - used only in test dependencies
 "RUSTSEC-2025-0134", # rustls-pemfile has been discontinued - need to update stellar-rpc-client with compatible jsonrpsee (possible other deps too)
+ "RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - pinned by transitive deps (ark-std, soroban-env-host); no patch in 0.8.x line
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories
From b748792e48f16386e6dc36cce90cd71017a21a6d Mon Sep 17 00:00:00 2001
From: Nando Vieira
Date: Tue, 14 Apr 2026 15:24:50 -0700
Subject: [PATCH 2/2] Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 deny.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deny.toml b/deny.toml
index 8d436f4f3..3a2234bfb 100644
--- a/deny.toml
+++ b/deny.toml
@@ -35,7 +35,7 @@ ignore = [
 "RUSTSEC-2024-0436", # paste is no longer maintained
 "RUSTSEC-2025-0052", # async-std has been discontinued - used only in test dependencies
 "RUSTSEC-2025-0134", # rustls-pemfile has been discontinued - need to update stellar-rpc-client with compatible jsonrpsee (possible other deps too)
- "RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - pinned by transitive deps (ark-std, soroban-env-host); no patch in 0.8.x line
+ "RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - currently present in Cargo.lock via transitive dependencies such as ark-std and soroban-env-host
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories
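Review bot: The final comment on the `RUSTSEC-2026-0097` ignore says where rand 0.8.5 comes from but gives no condition for removing the entry, and this hunk drops the earlier "no patch in 0.8.x line" clause, so the series no longer records why an upgrade is not possible. An `ignore` entry silences the advisory for every dependency path, so the comment should also state whether the affected rand API is judged reachable from this workspace; nothing visible here shows that was assessed. I would write the line as `"RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - transitive via ark-std and soroban-env-host; remove once nothing resolves to rand 0.8 (tracking: <TRACKING-ISSUE>)`. The same point applies to the entry as first added in patch 1/2, and the `ignore = [` array opens outside the hunk.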