cargo-deny currently complains about https://rustsec.org/advisories/RUSTSEC-2026-0002
We depend on lru 0.13.0 because of pkarr (this one we don't really use, it is some iroh dependency for global discovery which we disable) and lru 0.12.5 because of iroh-relay (again, we don't have a relay running in the core, so this should not be a problem unless iroh imports some types from iroh-relay).
We cannot update iroh 0.35.0 now, plan is to update to 1.0 when it is out. So the best we can do is probably add an exception.
Maybe there will be an update to older releases, but seems unlikely, anyway asked at jeromefroe/lru-rs#224 (comment)
cargo-deny currently complains about https://rustsec.org/advisories/RUSTSEC-2026-0002
We depend on
lru0.13.0 because ofpkarr(this one we don't really use, it is some iroh dependency for global discovery which we disable) andlru0.12.5 because ofiroh-relay(again, we don't have a relay running in the core, so this should not be a problem unlessirohimports some types fromiroh-relay).We cannot update iroh 0.35.0 now, plan is to update to 1.0 when it is out. So the best we can do is probably add an exception.
Maybe there will be an update to older releases, but seems unlikely, anyway asked at jeromefroe/lru-rs#224 (comment)