From c187ff771209989732bcadb2cabc72abcfc3f9f0 Mon Sep 17 00:00:00 2001 From: Brendan Clement Date: Mon, 15 Jun 2026 06:37:03 -0700 Subject: [PATCH] chore: ignore pyo3 advisories RUSTSEC-2026-0176/0177 in cargo-deny (#3542) --- deny.toml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deny.toml b/deny.toml index d58f0fca4..a34901fdb 100644 --- a/deny.toml +++ b/deny.toml @@ -113,6 +113,12 @@ ignore = [ # rand from a custom logger; upgrade once all pinned chains accept 0.8.6+. # https://rustsec.org/advisories/RUSTSEC-2026-0097 { id = "RUSTSEC-2026-0097", reason = "transitive rand 0.8.5; LanceDB does not call ThreadRng from custom logging" }, + + # pyo3 advisories in the Python bindings; tracked pending a patched pyo3 release. + # https://rustsec.org/advisories/RUSTSEC-2026-0176 + # https://rustsec.org/advisories/RUSTSEC-2026-0177 + { id = "RUSTSEC-2026-0176", reason = "pyo3 in Python bindings; awaiting patched pyo3 release" }, + { id = "RUSTSEC-2026-0177", reason = "pyo3 in Python bindings; awaiting patched pyo3 release" }, ] # ---------------------------------------------------------------------------