From 5db56bc7775bca821ef210daf888d453a1537c70 Mon Sep 17 00:00:00 2001 From: Arnold Loubriat Date: Tue, 14 Jul 2026 18:50:34 +0200 Subject: [PATCH] fix: Ignore vulnerabilities on build dependency quick-xml --- deny.toml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deny.toml b/deny.toml index 895f777..4bc2f11 100644 --- a/deny.toml +++ b/deny.toml @@ -17,7 +17,10 @@ all-features = true [advisories] db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] -ignore = [] +ignore = [ + { id = "RUSTSEC-2026-0194", reason = "quick-xml DoS on untrusted XML; only used at build time by zbus-lockstep on trusted protocol files, and zbus-lockstep requires quick-xml 0.36.2; doesn't execute on end-users system" }, + { id = "RUSTSEC-2026-0195", reason = "same quick-xml build-time usage as RUSTSEC-2026-0194; doesn't execute on end-users system" }, +] [licenses] allow = [