diff --git a/Cargo.lock b/Cargo.lock index e306571687e..adfe7f01957 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1851,9 +1851,9 @@ dependencies = [ [[package]] name = "critical-section" -version = "1.1.3" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64009896348fc5af4222e9cf7d7d82a95a256c634ebcf61c53e4ea461422242" +checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b" [[package]] name = "crossbeam-channel" diff --git a/tools/cargo-deny/deny.toml b/tools/cargo-deny/deny.toml index be28a0684ff..b32af71b01a 100644 --- a/tools/cargo-deny/deny.toml +++ b/tools/cargo-deny/deny.toml @@ -22,7 +22,6 @@ exceptions = [ { allow = ["Apache-2.0 WITH LLVM-exception"], name = "wast", version = "*" }, { allow = ["Apache-2.0 WITH LLVM-exception"], name = "wasm-encoder", version = "*" }, { allow = ["OpenSSL"], name = "aws-lc-sys", version = "*" }, - # used by ockam_app_lib only as a build dependency { allow = ["MPL-2.0"], name = "cbindgen", version = "*" }, ] @@ -57,10 +56,13 @@ ignore = [ # Pulled-in by `cddl-cat` which is used for validating # CDDL schema conformance in tests. "RUSTSEC-2021-0127", - # yaml-rust is unmaintained. Switching to maintained fork yaml-rust2 is tricky # Tracked here https://github.com/build-trust/ockam/issues/7807 "RUSTSEC-2024-0320", + # + # `instant` is unmaintained and used by `indicatif` as of Nov 2024 + # `indicatif` is planning to replace the dependency: https://github.com/console-rs/indicatif/pull/667 + "RUSTSEC-2024-0384", ] # Users who require or prefer Git to use SSH cloning instead of HTTPS, # such as implemented via "insteadOf" rules in Git config, can still