# cargo-audit configuration for blvm-consensus
# Each advisory is documented with rationale and upgrade path.
[]
# RUSTSEC-2025-0141 — bincode 1.3.3 is unmaintained
# Direct dep: used for binary encoding of test vectors and serialization helpers.
# Upgrading to bincode 2 requires a full API rewrite (different encode/decode interface).
# No CVE or memory-safety issue reported; purely an unmaintained-status advisory.
# Tracking: migrate to bincode 2 or an alternative (postcard, rmp-serde) in a future release.
= [
"RUSTSEC-2025-0141",
# lru < 0.16: IterMut unsoundness.
# Direct dep version has been bumped to ^0.16 in this repo's Cargo.toml.
# If this advisory continues to appear it is from a transitive dependency that has not
# yet been updated. We do NOT call iter_mut() on any LruCache in this codebase.
"RUSTSEC-2026-0002",
]