@@ -344,10 +344,28 @@ jobs:
344344
345345 steps :
346346 - uses : actions/checkout@v4
347- - uses : EmbarkStudios/cargo-deny-action@v2
347+ - name : Install tomlq
348+ run : |
349+ # The runner already has the `yq` command but not its associated `tomlq` command.
350+ sudo apt-get update
351+ sudo apt-get install yq
352+ name : Strict check, but omit gix-testtools
353+ uses : EmbarkStudios/cargo-deny-action@v2
354+ with :
355+ command : check advisories
356+ arguments : --workspace --all-features --exclude gix-testtools
357+ - name : Configure less strict check
358+ run : |
359+ filter='.advisories.ignore += [
360+ { id: "RUSTSEC-2025-0021", reason: "gix-testtools can’t upgrade from old gix-features yet" }
361+ ]'
362+ tomlq "$filter" deny.toml --toml-output > deny-but-ignore-RUSTSEC-2025-0021.toml
363+ name : Less strict check, but include gix-testtools
364+ uses : EmbarkStudios/cargo-deny-action@v2
348365 with :
349- arguments : --workspace --all-features
350366 command : check advisories
367+ arguments : --workspace --all-features
368+ command-arguments : --config deny-but-ignore-RUSTSEC-2025-0021.toml
351369
352370 cargo-deny :
353371 runs-on : ubuntu-latest
@@ -356,8 +374,8 @@ jobs:
356374 - uses : actions/checkout@v4
357375 - uses : EmbarkStudios/cargo-deny-action@v2
358376 with :
359- arguments : --workspace --all-features
360377 command : check bans licenses sources
378+ arguments : --workspace --all-features
361379
362380 wasm :
363381 name : WebAssembly
0 commit comments