Fix cargo deny failures

Update crossbeam-epoch to 0.9.20 to fix RUSTSEC-2026-0204,
and ignore three advisories with no upstream fix available:

- RUSTSEC-2026-0192: ttf-parser is unmaintained (via ab_glyph)
- RUSTSEC-2026-0194/0195: quick-xml issues; zbus_xml and
  wayland-scanner are both still on quick-xml < 0.41

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Emil Ernerfeldt
2026-07-06 19:46:00 -07:00
parent f005960bdc
commit d8bf13d4d1
2 changed files with 5 additions and 2 deletions
+2 -2
View File
@@ -1029,9 +1029,9 @@ dependencies = [
[[package]]
name = "crossbeam-epoch"
version = "0.9.18"
version = "0.9.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
checksum = "2d6914041f254d6e9176c01941b21115dcfb7089e55135a35411081bd106ef3f"
dependencies = [
"crossbeam-utils",
]
+3
View File
@@ -33,6 +33,9 @@ version = 2
ignore = [
"RUSTSEC-2024-0320", # unmaintained yaml-rust pulled in by syntect
"RUSTSEC-2025-0141", # https://rustsec.org/advisories/RUSTSEC-2025-0141 - bincode is unmaintained - https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
"RUSTSEC-2026-0192", # ttf-parser is unmaintained - pulled in by ab_glyph via sctk-adwaita (Linux) - no replacement available
"RUSTSEC-2026-0194", # quick-xml quadratic run time on duplicate attribute check - transitive via zbus_xml and wayland-scanner (Linux only), which are both still on quick-xml < 0.41
"RUSTSEC-2026-0195", # quick-xml NsReader memory exhaustion - transitive via zbus_xml and wayland-scanner (Linux only), which are both still on quick-xml < 0.41
]
[bans]