From 765d5ea8a8d3c747da74e3dab499c744145ea174 Mon Sep 17 00:00:00 2001 From: Lucas Meurer Date: Tue, 7 Jul 2026 10:59:40 +0200 Subject: [PATCH] Fix cargo deny (#8300) Updates crossbeam and ignores the others as there are no possible yet --- Cargo.lock | 4 ++-- deny.toml | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2085fa955..ad93f0e43 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1029,9 +1029,9 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.18" +version = "0.9.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +checksum = "2d6914041f254d6e9176c01941b21115dcfb7089e55135a35411081bd106ef3f" dependencies = [ "crossbeam-utils", ] diff --git a/deny.toml b/deny.toml index e926cdb19..830991a21 100644 --- a/deny.toml +++ b/deny.toml @@ -33,6 +33,9 @@ version = 2 ignore = [ "RUSTSEC-2024-0320", # unmaintained yaml-rust pulled in by syntect "RUSTSEC-2025-0141", # https://rustsec.org/advisories/RUSTSEC-2025-0141 - bincode is unmaintained - https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md + "RUSTSEC-2026-0192", # ttf-parser is unmaintained. Only brought in via winit/sctk-adwaita (wayland window frame rendering) + "RUSTSEC-2026-0194", # quick-xml DoS - fix is in >=0.41, but held back transitively by zbus_xml (accesskit) and wayland-scanner (winit) + "RUSTSEC-2026-0195", # quick-xml DoS - same as above ] [bans] @@ -111,6 +114,4 @@ license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }] unknown-registry = "deny" unknown-git = "deny" -allow-git = [ - "https://github.com/rerun-io/kittest", # TODO(lucasmerlin): remove this once the kittest crate is published" -] +allow-git = []