From 37d7c71fec43f6dbc6347de563df5b20920441da Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Mon, 1 Jan 2024 17:11:24 -0500
Subject: bump deps, fix cargo deny

---
 deny.toml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'deny.toml')

diff --git a/deny.toml b/deny.toml
index 91d24f3..0d8fbfe 100644
--- a/deny.toml
+++ b/deny.toml
@@ -8,6 +8,14 @@ targets = [
 [advisories]
 yanked = "deny"
 unsound = "deny"
+ignore = [
+    # this is only an unmaintained warning, and will hopefully be addressed
+    # by https://github.com/darfink/region-rs/pull/27
+    "RUSTSEC-2020-0168",
+    # this is a timing attack against using the rsa crate for encryption, but
+    # we only use rsa decryption here
+    "RUSTSEC-2023-0071",
+]
 
 [bans]
 multiple-versions = "deny"
@@ -15,6 +23,18 @@ wildcards = "deny"
 deny = [
     { name = "openssl-sys" },
 ]
+skip = [
+    # the ecosystem is pretty split on these at the moment, should keep an
+    # eye on this to remove once more things have standardized on version 2
+    { name = "bitflags", version = "1.3.2" },
+    { name = "bitflags", version = "2.4.1" },
+
+    # see https://github.com/dignifiedquire/num-bigint/pull/58 and
+    # https://github.com/RustCrypto/RSA/issues/390 which should hopefully
+    # resolve this soon
+    { name = "spin", version = "0.5.2" },
+    { name = "spin", version = "0.9.8" },
+]
 
 [licenses]
 allow = [
-- 
cgit v1.2.3-54-g00ecf