Skip to content

build(deps): bump askama from 0.12.1 to 0.16.0 #120

build(deps): bump askama from 0.12.1 to 0.16.0

build(deps): bump askama from 0.12.1 to 0.16.0 #120

Workflow file for this run

name: Cargo Audit
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
# Weekly: Mondays 06:00 UTC
- cron: "0 6 * * 1"
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
jobs:
security_audit:
name: cargo audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: rustsec/audit-check@v1.4.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
denied-warnings: true
# RUSTSEC-2025-0134: rustls-pemfile unmaintained (transitive dev-dep
# via testcontainers/bollard; not present at runtime).
# RUSTSEC-2025-0111: tokio-tar PAX header smuggling (transitive
# dev-dep via testcontainers/bollard; not present at runtime).
# RUSTSEC-2023-0071: rsa Marvin Attack timing sidechannel applies
# only to RSA decryption. We use the rsa crate solely for OIDC
# JWK generation + signing — no decryption path. No upstream fix
# is available; the only mitigation would be migrating to a
# different RSA implementation, tracked separately.
ignore: RUSTSEC-2025-0134,RUSTSEC-2025-0111,RUSTSEC-2023-0071