Allowlist cargo deny rand advisory. (#2481)

fnando · web-flow · commit 8097cf515832 · 2026-04-15T09:16:28.000-04:00
diff --git a/deny.toml b/deny.toml
@@ -35,6 +35,7 @@ ignore = [
     "RUSTSEC-2024-0436", # paste is no longer maintained
     "RUSTSEC-2025-0052", # async-std has been discontinued - used only in test dependencies
     "RUSTSEC-2025-0134", # rustls-pemfile has been discontinued - need to update stellar-rpc-client with compatible jsonrpsee (possible other deps too)
+    "RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - currently present in Cargo.lock via transitive dependencies such as ark-std and soroban-env-host
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ ignore = [`
`35`	`35`	`"RUSTSEC-2024-0436", # paste is no longer maintained`
`36`	`36`	`"RUSTSEC-2025-0052", # async-std has been discontinued - used only in test dependencies`
`37`	`37`	`"RUSTSEC-2025-0134", # rustls-pemfile has been discontinued - need to update stellar-rpc-client with compatible jsonrpsee (possible other deps too)`
	`38`	`+ "RUSTSEC-2026-0097", # rand 0.8.5 unsound advisory - currently present in Cargo.lock via transitive dependencies such as ark-std and soroban-env-host`
`38`	`39`	`]`
`39`	`40`	`# Threshold for security vulnerabilities, any vulnerability with a CVSS score`
`40`	`41`	`# lower than the range specified will be ignored. Note that ignored advisories`