
docs(security): note CVE-2026-43868 in thrift Rust crate; ci: skip docs-only PRs#4

Merged
StefanSteiner merged 2 commits into main from ssteiner/dependabot-apache-thrift-uplift on May 14, 2026

Conversation

@StefanSteiner (Contributor)

Summary

Two related changes in this branch:

  1. docs(security): note CVE-2026-43868 in thrift Rust crate — GitHub Dependabot flagged the Apache Thrift "Memory Allocation with Excessive Size Value" advisory (CVE-2026-43868 / GHSA-2f9f-gq7v-9h6m), which lists the Rust thrift crate ≤ 0.22.0 as affected. We can't fix it by upgrading, so this commit adds forward-looking comments to deny.toml and .cargo/audit.toml documenting what to do when RustSec eventually issues a RUSTSEC-2026-NNNN ID.
  2. ci: skip CI for docs-only changes via paths-ignore — adds paths-ignore filters to ci.yml's push and pull_request triggers so future docs-only PRs (e.g. README typo fixes, prose updates in docs/) don't burn CI minutes.

The two are bundled because this PR is itself the kind of mostly-prose / config-only change that motivates the second commit. Note that this PR still triggers CI — ci.yml itself is modified, which (correctly) doesn't match paths-ignore.

Commit 1: docs(security): note CVE-2026-43868 in thrift Rust crate

Why we can't just bump the version

| Fact | Source |
| --- | --- |
| Affected: thrift Rust crate ≤ 0.22.0 | GHSA-2f9f-gq7v-9h6m |
| Latest published on crates.io | thrift 0.17.0 (Nov 2022) |
| Apache Thrift's "0.23.0 fix" | C++/Java/Python bindings only — no patched Rust crate has been released |
| GHSA's recommended fix version | "Upgrade to 0.23.0" — but 0.23.0 doesn't exist on crates.io |
| How we depend on it | Transitively via parquet 58.2.0 (used by hyperdb-mcp for parquet metadata parsing) |

cargo tree --invert thrift@0.17.0 confirms the path:

thrift v0.17.0
└── parquet v58.2.0
    └── hyperdb-mcp v0.1.1

Why CI isn't currently failing on this

Both our advisory checks (cargo audit and cargo deny check advisories) consume the RustSec advisory-db. As of this commit, RustSec hasn't ingested the GHSA into a RUSTSEC-2026-NNNN ID, so neither tool flags it.

When RustSec does ingest it (typically days to weeks after a GHSA lands), the audit and deny jobs will start failing. The forward-looking comments tell the next maintainer exactly what to do at that point.

What changes (commit 1)

Two files, comments only:

  • deny.toml — block comment after the existing [advisories].ignore list explaining the situation and instructing how to add the waiver when RustSec issues an ID.
  • .cargo/audit.toml — same explanation, shorter form, since this file mirrors deny.toml's ignore list.

No code changes. No version bumps.

Threat model

For context (so the future waiver rationale is coherent):

  • We don't depend on thrift directly. It comes in only through parquet, which uses it for parsing parquet file metadata.
  • hyperdb-mcp exposes parquet via load_file / query_file / export tools. The inputs are operator-supplied local file paths — there's no remote endpoint that ingests untrusted parquet over the wire.
  • The hyperdb-mcp threat model already assumes operators can load arbitrary local files. A "memory allocation with excessive size value" via a malicious parquet header is strictly weaker than the existing threat surface.

Commit 2: ci: skip CI for docs-only changes via paths-ignore

Rationale

Pure-prose changes (top-level *.md, docs/**, LICENSE files, GitHub issue/PR templates) don't affect Rust compilation, lint output, advisory checks, or the publish dry-run. Without paths-ignore, every typo fix in a README runs the full test matrix on three platforms.

What changes (commit 2)

ci.yml's push: and pull_request: triggers gain paths-ignore filters:

paths-ignore:
  - "**/*.md"
  - "docs/**"
  - "LICENSE-*"
  - "NOTICE"
  - ".github/ISSUE_TEMPLATE/**"
  - ".github/pull_request_template.md"

Deliberately NOT in the ignore list

  • deny.toml and .cargo/audit.toml — these configure the security checks themselves; a typo would silently disable them.
  • .github/workflows/** — workflow edits should run CI.
  • examples/**.rs — these are Rust source compiled by cargo build --examples and validated as part of the test job.
  • All Cargo.toml / Cargo.lock / package.json — affect compilation and dependency graphs.

Edge cases verified

  • Mixed PRs (docs + code) still trigger CI because paths-ignore only suppresses the workflow when ALL changed files match.
  • YAML anchors — GitHub Actions doesn't reliably support YAML anchors/aliases, so the same list is duplicated under push and pull_request. A maintenance comment in the file says to keep them in sync.
  • Branch protection — main has no required-status-checks rule today, so docs-only PRs that skip CI will merge cleanly. If required checks are added later, the right pattern is to mark them as "required if run" rather than strictly required.

Why bundle this commit with the thrift docs

This branch is itself a comments-only / config-only change — exactly the kind of PR that motivates paths-ignore. The next pure-prose PR after this lands will benefit. (This PR still triggers CI because ci.yml itself is modified.)

Recommended follow-ups (out of scope for this PR)

  • File an issue or comment on apache/arrow-rs asking when parquet will switch off thrift (the alternative parquet2 crate doesn't use thrift at all).
  • Set a calendar reminder to check the RustSec advisory-db for the assigned RUSTSEC-2026-NNNN ID; when it lands, follow the in-file instructions in deny.toml / .cargo/audit.toml to add the waiver.

Test plan

  • CI green on this PR — ci.yml is modified, so the full matrix runs.
  • cargo deny check and cargo audit --deny warnings continue to pass (TOML comment-only changes shouldn't affect either).
  • After merge: open a small typo-fix PR against any *.md file and confirm CI does NOT trigger on it.
  • After merge: open a PR with mixed *.md + *.rs changes and confirm CI DOES trigger on it.
  • After merge: when RustSec ingests the GHSA, follow the in-file instructions to add the waiver entry in a follow-up PR.
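As an added example (not code from this PR or the hyperdb-mcp project), a small Python checker that applies the paths-ignore list above the way the description says GitHub does: the workflow is skipped only when every changed file matches an ignore pattern. The glob-to-regex translation is an assumption that approximates GitHub's matcher, and the change sets are constructed to mirror the test plan and edge cases.

```python
import re

# The paths-ignore list from this PR's ci.yml, copied from the description.
PATHS_IGNORE = [
    "**/*.md",
    "docs/**",
    "LICENSE-*",
    "NOTICE",
    ".github/ISSUE_TEMPLATE/**",
    ".github/pull_request_template.md",
]


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a GitHub Actions path filter into an anchored regex.

    Assumption (an approximation of GitHub's matcher, not its code):
    `**` matches anything including `/`, a leading `**/` may also match
    zero directories, and a single `*` never crosses a `/`.
    """
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")


def ci_should_run(changed_files, ignore_patterns=PATHS_IGNORE) -> bool:
    """Skip only when EVERY changed file is ignored; one non-matching file
    (Rust source, Cargo.lock, ci.yml, deny.toml) re-enables the run.
    An empty change set is treated as skippable."""
    regexes = [glob_to_regex(p) for p in ignore_patterns]
    return not all(any(r.match(f) for r in regexes) for f in changed_files)


# Constructed change sets (not real PRs) mirroring the test plan above.
DOCS_ONLY = ["README.md", "docs/usage.md"]
MIXED = ["README.md", "src/lib.rs"]
SECURITY_CONFIG = ["deny.toml"]                 # deliberately not ignored
WORKFLOW = [".github/workflows/ci.yml"]         # what this PR itself touches
TEMPLATES = [".github/ISSUE_TEMPLATE/bug.md", "LICENSE-MIT", "NOTICE"]

if __name__ == "__main__":
    for name, files in [("docs-only", DOCS_ONLY), ("mixed", MIXED),
                        ("deny.toml", SECURITY_CONFIG), ("ci.yml", WORKFLOW)]:
        print(f"{name}: {'runs' if ci_should_run(files) else 'skipped'}")
```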

GitHub Dependabot flagged the Apache Thrift "Memory Allocation with
Excessive Size Value" advisory (CVE-2026-43868 / GHSA-2f9f-gq7v-9h6m),
which lists the Rust `thrift` crate ≤ 0.22.0 as affected.

We can't actually fix it: the latest published version on crates.io
is 0.17.0 (from Nov 2022), and Apache Thrift's "0.23.0 fix" is in the
C++/Java/Python bindings only — no patched Rust crate has been
published. We pull thrift transitively via `parquet` in hyperdb-mcp
(parquet metadata parsing of operator-supplied local files).

Add forward-looking comments to deny.toml and .cargo/audit.toml so a
future maintainer sees the situation. No waiver yet — RustSec hasn't
issued a RUSTSEC-2026-NNNN ID, so cargo-audit / cargo-deny aren't
failing on it. The comments document what to do when the ID lands.

Pure-prose changes (top-level *.md, docs/**, LICENSE files, GitHub
issue/PR templates) don't affect Rust compilation, lint output,
advisory checks, or the publish dry-run. Add paths-ignore to ci.yml
push and pull_request triggers so docs-only PRs don't burn CI minutes.

Deliberately excluded from the ignore list:
- deny.toml and .cargo/audit.toml — these configure the security
  checks themselves; a typo would silently disable them.
- .github/workflows/** — workflow edits should run CI.
- examples/**.rs — these are Rust source compiled by cargo build
  --examples and validated as part of the test job.

GitHub Actions doesn't reliably support YAML anchors, so the same
list is duplicated under push and pull_request — keep them in sync.

Mixed PRs (docs + code) still trigger CI because paths-ignore only
suppresses the workflow when ALL changed files match.
@StefanSteiner StefanSteiner force-pushed the ssteiner/dependabot-apache-thrift-uplift branch from f4f79f0 to c04f07d on May 14, 2026 18:24
@StefanSteiner StefanSteiner merged commit c5b84b9 into main May 14, 2026
9 checks passed
@StefanSteiner StefanSteiner deleted the ssteiner/dependabot-apache-thrift-uplift branch May 14, 2026 20:41