From b219eca4b39b6137c2c2406a4bf502c2b674fd74 Mon Sep 17 00:00:00 2001 From: Mykhailo Chalyi Date: Sat, 27 Jun 2026 18:31:26 -0500 Subject: [PATCH] fix(deps): remove stale pyo3 advisory ignores --- deny.toml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deny.toml b/deny.toml index 0f78dcd0..269ce5cb 100644 --- a/deny.toml +++ b/deny.toml @@ -38,15 +38,6 @@ ignore = [ # Unmaintained build-time proc-macro in the bench harness only (not shipped # library code); no upgrade available (tabled 0.21 is latest) "RUSTSEC-2026-0173", - # pyo3: OOB read in PyList/PyTuple nth/nth_back (RUSTSEC-2026-0176) - # Patched in pyo3 >=0.29, but pyo3-async-runtimes has no 0.29 release yet - # (still pins pyo3 0.28), so we can't upgrade. Host-side Python bindings - # only — not reachable from sandboxed scripts. Remove on pyo3 0.29 bump. - "RUSTSEC-2026-0176", - # pyo3: missing Sync bound on PyCFunction::new_closure (RUSTSEC-2026-0177) - # Same 0.29 blocker; `new_closure` is not called anywhere in this - # workspace, so the unsound API is unreachable. Remove on pyo3 0.29 bump. - "RUSTSEC-2026-0177", ] [bans]