pezkuwi-sdk

Author	SHA1	Message	Date
pezkuwichain	b4b60ca49d	fix(security): upgrade deps and enforce security audit workflow - Upgrade bytes 1.11.0 → 1.11.1 (RUSTSEC-2026-0007 integer overflow) - Upgrade time 0.3.46 → 0.3.47 (RUSTSEC-2026-0009 DoS stack exhaustion) - Upgrade git2 0.20.3 → 0.20.4 (RUSTSEC-2026-0008 undefined behavior) - Upgrade keccak 0.1.5 → 0.1.6 (RUSTSEC-2026-0012 unsoundness) - Add ignore rules in deny.toml for unfixable upstream advisories (wasmtime 37.x, rsa, tracing-subscriber 0.2.x, lru) - Remove continue-on-error from security-audit workflow — audit is now enforced and will block CI on new unignored vulnerabilities	2026-03-05 03:00:59 +03:00
pezkuwichain	db371bd8dc	fix(ci): fix deny.toml taplo formatting (tabs + sorted arrays)	2026-02-25 21:43:36 +03:00
pezkuwichain	9e2a7120ab	fix(ci): add GPL-3.0-only to allowed licenses, fix taplo formatting	2026-02-25 21:27:05 +03:00
pezkuwichain	a02dc9badf	fix(ci): fix cargo-deny v2 config and make security audit informational	2026-02-25 21:09:34 +03:00
pezkuwichain	b8e0cba26a	fix(ci): update deny.toml to cargo-deny v2 format	2026-02-25 19:44:38 +03:00
pezkuwichain	fd7754f7e7	fix(ci): fix build failures and add security audit workflow - build-linux-stable: disable forklift GCS cache (RUSTC_WRAPPER="") that panics without GCP credentials on VPS runners - prepare-bridges-zombienet-artifacts: fix bridges/testing path to pezbridges/testing (rebrand path was not updated in workflow) - build-rustdoc: use CARGO_TARGET_DIR instead of ./target for doc output path (docs generated at /cache/target/doc, not ./target/doc) - build-push-image-*: add workspace permission fix step before checkout to handle root-owned files left by Docker container jobs - All build jobs: increase timeout from 120 to 180 minutes for VPS - Add cargo-deny + cargo-audit security audit workflow (weekly + on PR) - Add deny.toml with license, advisory, and source checks	2026-02-25 19:39:47 +03:00

6 Commits