From 968fbb4b7ffaed405a0bf44b96ff7d8bdf07dd33 Mon Sep 17 00:00:00 2001
From: Fraser Hutchison <190532+Fraser999@users.noreply.github.com>
Date: Wed, 15 Apr 2026 12:27:46 +0100
Subject: [PATCH] fix: ignore new cargo audit warnings

---
 .cargo/audit.toml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 7266adc5..080c6e38 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -18,4 +18,13 @@ ignore = [
     # `lru` IterMut unsoundness; transitive dep via reth's `discv5` and `ratatui`.
     # Neither crate calls `iter_mut()` on the LruCache, so the affected code path is never hit.
     "RUSTSEC-2026-0002",
+
+    # `rsa` Marvin Attack; transitive dep via `sqlx-macros-core` -> `sqlx-mysql`. The `mysql`
+    # feature is not enabled, so `sqlx-mysql` is never compiled — it only appears in Cargo.lock.
+    "RUSTSEC-2023-0071",
+
+    # `rand` 0.8.5 unsoundness when `log` + `thread_rng` features are both enabled and a custom
+    # logger calls `rand::rng()` during reseeding. Our 0.8.5 (transitive via alloy-consensus)
+    # has neither feature enabled; our 0.9.4 is already patched.
+    "RUSTSEC-2026-0097",
 ]