Cosmian · Manuthor · Aug 16, 2025 · Aug 16, 2025 · Aug 16, 2025
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -0,0 +1,9 @@
+# Configuration for cargo-audit
+# This file defines security advisories to ignore, mirroring the exceptions in deny.toml
+
+[advisories]
+# List of advisory IDs to ignore (extracted from deny.toml)
+ignore = [
+    "RUSTSEC-2023-0071", # rsa
+    "RUSTSEC-2024-0436", # unmaintained paste
+]
diff --git a/.github/workflows/main_base.yml b/.github/workflows/main_base.yml
@@ -12,20 +12,17 @@ on:
         type: string
 
 jobs:
-  cargo-audit:
-    name: Security Audit
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - uses: EmbarkStudios/cargo-deny-action@v2
-
   cargo-lint:
     uses: Cosmian/reusable_workflows/.github/workflows/clippy.yml@develop
     with:
       toolchain: ${{ inputs.toolchain }}
 
+  cargo-deny:
+    uses: Cosmian/reusable_workflows/.github/workflows/cargo-audit.yml@develop
+    name: Security Audit
+    with:
+      toolchain: ${{ inputs.toolchain }}
+
   cargo-machete:
     uses: Cosmian/reusable_workflows/.github/workflows/cargo-machete.yml@develop
     with:
@@ -100,7 +97,7 @@ jobs:
   release:
     name: release
     needs:
-      - cargo-audit
+      - cargo-deny
       - cargo-lint
       - build
     uses: Cosmian/reusable_workflows/.github/workflows/push-artifacts.yml@develop

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/deny.toml b/deny.toml
@@ -71,11 +71,6 @@ feature-depth = 1
 # output a note when they are encountered.
 ignore = [
     { id = "RUSTSEC-2023-0071", reason = "rsa" },
-    { id = "RUSTSEC-2024-0388", reason = "unmaintained derivative" },
-    { id = "RUSTSEC-2024-0384", reason = "unmaintained instant" },
-    { id = "RUSTSEC-2024-0416", reason = "unmaintained atk-sys" },
-    { id = "RUSTSEC-2024-0418", reason = "unmaintained gdk-sys" },
-    { id = "RUSTSEC-2024-0420", reason = "unmaintained gtk-sys" },
     { id = "RUSTSEC-2024-0436", reason = "unmaintained paste" },
 
     #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
@@ -100,6 +95,7 @@ allow = [
     "Apache-2.0",
     "Apache-2.0 WITH LLVM-exception",
     "GPL-3.0",
+    "GPL-3.0-or-later",
     "ISC",
     "Zlib",
     "MPL-2.0",
@@ -109,6 +105,7 @@ allow = [
     "BSL-1.0",
     "BUSL-1.1",
     "AGPL-3.0",
+    "AGPL-3.0-only",
     "Unicode-3.0",
     "OFL-1.1",
     "LicenseRef-UFL-1.0",

diff --git a/findex-server b/findex-server
diff --git a/kms b/kms
diff --git a/test_data b/test_data
+9 −0		.cargo/audit.toml
+133 −0		.github/copilot-instructions.md
+23 −0		.github/scripts/docker-compose-authentication-tests.yml
+71 −0		.github/scripts/test_docker_image.sh
+5 −0		.github/workflows/main.yml
+5 −12		.github/workflows/main_base.yml
+1 −0		.github/workflows/main_release.yml
+2 −2		Cargo.lock
+2 −0		deny.toml
+1 −1		test_data
+8 −0		.cargo/audit.toml
+128 −0		.github/copilot-instructions.md
+4 −4		.github/scripts/docker-compose-authentication-tests.yml
+18 −18		.github/scripts/test_docker_image.sh
+4 −0		.github/workflows/main.yml
+0 −1		Cargo.lock
+0 −1		crate/server/Cargo.toml
+54 −3		crate/server/src/middlewares/jwt/jwt_config.rs
+20 −10		crate/server/src/routes/google_cse/jwt.rs
+3 −3		crate/server/src/routes/google_cse/operations.rs
+1 −1		crate/server/src/tests/google_cse/mod.rs
+3 −1		deny.toml