mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 05:34:10 +03:00
[PR #6727] [CLOSED] Remediations/audit 2025 11 09 #3803
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/dani-garcia/vaultwarden/pull/6727
Author: @kalvinparker
Created: 1/16/2026
Status: ❌ Closed
Base:
main← Head:remediations/audit-2025-11-09📝 Commits (10+)
0951c8dAdd supply chain audit workflow with cargo-audit and cargo-deny steps54053f7Add audit and deny command error messages to respective files1f2cadcchore(audit): add cargo-deny policy, CI audit workflow and security note (2025-11-09)e3d2518chore(deps): attempt bump openidconnect and rmpv to avoid transitive rsa/paste5818cbfchore(audit): fix deny.toml to valid cargo-deny formatf84d861chore(audit): make deny.toml parseable by cargo-denyeb07761chore(deps): revert attempted openidconnect/rmpv bumps (incompatible with crates.io)22ff369chore(deps): allow caret ranges for rmpv and openidconnect to permit safe published bumpsf16723cchore(audit): add temporary deny exceptions for rsa and paste; add tracking issue and document in audit notea64bf18chore(audit): format deny.toml license exceptions as licenses.exceptions (cargo-deny compatible)📊 Changes
81 files changed (+2112 additions, -6 deletions)
View changed files
➕
.github/PR_BODY_UPDATE-2.md(+30 -0)➕
.github/workflows/audit.yml(+37 -0)➕
.github/workflows/supply-chain-audit-registered.yml(+59 -0)➕
.github/workflows/supply-chain-audit.yml(+70 -0)📝
Cargo.lock(+4 -4)📝
Cargo.toml(+2 -2)➕
SECURITY-AUDIT-2025-11-09.md(+56 -0)➕
audit.txt(+18 -0)➕
deny-advisories.txt(+6 -0)➕
deny-licenses.txt(+6 -0)➕
deny.toml(+29 -0)➕
docker/audit/Dockerfile(+19 -0)➕
docker/audit/audit.sh(+14 -0)➕
docker/audit/exp/patch_and_run.sh(+18 -0)➕
docker/audit/exp/reqwest_native_exp.sh(+16 -0)➕
docker/audit/output/ar_exp.done(+1 -0)➕
docker/audit/output/cargo-audit.err(+12 -0)➕
docker/audit/output/cargo-audit.json(+0 -0)➕
docker/audit/output/cargo-deny-advisories.err(+2 -0)➕
docker/audit/output/cargo-deny-advisories.json(+0 -0)...and 61 more files
📄 Description
No description provided
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.