.sync: deny.toml Updates [Rebase & FF]#163
Merged
makubacki merged 2 commits intoJun 17, 2026
Merged
Conversation
… repos By design, these repos have a very minimal set of dependencies that are not shared with the main Patina repo and other Patina crates. This change removes deny.toml being synced to those repos since they will likely have minimal deny.toml changes over time and can simply be maintained independently and locally in those repos. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
The `paste` crate is marked as unmaintained in the RustSec advisory
database and pulled in transitively with `arm-gic` -> `arm-sysregs`:
```
├ paste v1.0.15
└── arm-sysregs v0.2.9
└── arm-gic v0.8.1
├── patina_dxe_core v22.0.1
│ └── qemu_dxe_core v3.0.8
└── patina_internal_cpu v22.0.1
├── patina_debugger v22.0.1
│ ├── patina_dxe_core v22.0.1 (*)
│ └── qemu_dxe_core v3.0.8 (*)
└── patina_dxe_core v22.0.1 (*)
```
This applies to the patina and patina-dxe-core-qemu repos. For now,
an exception is added to the deny.toml file to ignore this advisory
since it is only a build-time dependency and unmaintained.
```
error[unmaintained]: paste - no longer maintained
┌─ patina-dxe-core-qemu/Cargo.lock:37:1
│
37 │ paste 1.0.15 registry+https://github.com/rust-lang/crates.io-index
│ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
│
├ ID: RUSTSEC-2024-0436
├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436
├ The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md)
that this project is not longer maintained as well as archived the repository
```
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
os-d
approved these changes
Jun 17, 2026
vineelko
approved these changes
Jun 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
.sync/Files.yml: Drop deny.toml sync to patina-mtrr and patina-paging repos
By design, these repos have a very minimal set of dependencies that
are not shared with the main patina repo and other Patina crates.
This change removes deny.toml being synced to those repos since they
will likely have minimal deny.toml changes over time and can simply
be maintained independently and locally in those repos.
.sync: Add paste to ignore sec advisory list in deny.toml
The
pastecrate is marked as unmaintained in the RustSec advisorydatabase and pulled in transitively with
arm-gic->arm-sysregs:This applies to the patina and patina-dxe-core-qemu repos. For now,
an exception is added to the deny.toml file to ignore this advisory
since it is only a build-time dependency and unmaintained.