From 18eef7e003a7a322dae476a3d756cf57650947b0 Mon Sep 17 00:00:00 2001
From: hanabi1224 <harlowmoo@gmail.com>
Date: Tue, 27 Jan 2026 09:24:52 +0800
Subject: [PATCH 1/4] fix(ci): cargo deny failure

---
 deny.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/deny.toml b/deny.toml
index 7a6475b5998..01668bdde07 100644
--- a/deny.toml
+++ b/deny.toml
@@ -13,7 +13,9 @@ yanked = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
-    "RUSTSEC-2024-0436",
+    "RUSTSEC-2024-0436", # paste - no longer maintained
+    "RUSTSEC-2025-0123", # opentelemetry-jaeger crate is unmaintained
+    "RUSTSEC-2025-0141", # Bincode is unmaintained
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories

From 8370eab8e326b7ec98f1cabea6e4a7db132f5005 Mon Sep 17 00:00:00 2001
From: hanabi1224 <harlowmoo@gmail.com>
Date: Mon, 23 Feb 2026 16:44:04 +0800
Subject: [PATCH 2/4] bump time and bytes

---
 Cargo.lock | 48 +++++++++++++++++++++++++++++-------------------
 deny.toml  |  1 -
 2 files changed, 29 insertions(+), 20 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 599c9b367cb..52834887d02 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -560,9 +560,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 dependencies = [
  "serde",
 ]
@@ -1064,9 +1064,9 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
 dependencies = [
  "powerfmt",
 ]
@@ -2400,9 +2400,9 @@ dependencies = [
 
 [[package]]
 name = "keccak"
-version = "0.1.5"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
+checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
 dependencies = [
  "cpufeatures",
 ]
@@ -3742,9 +3742,9 @@ dependencies = [
 
 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
 
 [[package]]
 name = "num-integer"
@@ -4989,18 +4989,28 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.219"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.219"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5509,30 +5519,30 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
  "deranged",
  "itoa",
  "num-conv",
  "powerfmt",
- "serde",
+ "serde_core",
  "time-core",
  "time-macros",
 ]
 
 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
 
 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
  "num-conv",
  "time-core",
diff --git a/deny.toml b/deny.toml
index 01668bdde07..322d18793ae 100644
--- a/deny.toml
+++ b/deny.toml
@@ -14,7 +14,6 @@ yanked = "warn"
 # output a note when they are encountered.
 ignore = [
     "RUSTSEC-2024-0436", # paste - no longer maintained
-    "RUSTSEC-2025-0123", # opentelemetry-jaeger crate is unmaintained
     "RUSTSEC-2025-0141", # Bincode is unmaintained
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score

From baa2ebb1919986a5fba633a4c65e834b9c1e6be9 Mon Sep 17 00:00:00 2001
From: hanabi1224 <harlowmoo@gmail.com>
Date: Tue, 17 Mar 2026 22:59:30 +0800
Subject: [PATCH 3/4] downgrade time

---
 Cargo.lock | 22 +++++++++++-----------
 deny.toml  |  3 ++-
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c44d6eea058..590fcebec82 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1050,9 +1050,9 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.5.8"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
+checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
 dependencies = [
  "powerfmt",
 ]
@@ -3721,9 +3721,9 @@ dependencies = [
 
 [[package]]
 name = "num-conv"
-version = "0.2.0"
+version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 
 [[package]]
 name = "num-integer"
@@ -5484,30 +5484,30 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.47"
+version = "0.3.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
+checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
 dependencies = [
  "deranged",
  "itoa",
  "num-conv",
  "powerfmt",
- "serde_core",
+ "serde",
  "time-core",
  "time-macros",
 ]
 
 [[package]]
 name = "time-core"
-version = "0.1.8"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
+checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
 
 [[package]]
 name = "time-macros"
-version = "0.2.27"
+version = "0.2.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
+checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
 dependencies = [
  "num-conv",
  "time-core",
diff --git a/deny.toml b/deny.toml
index 322d18793ae..07dc17ca581 100644
--- a/deny.toml
+++ b/deny.toml
@@ -13,8 +13,9 @@ yanked = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
-    "RUSTSEC-2024-0436", # paste - no longer maintained
+    "RUSTSEC-2024-0436", # paste - no longer maintained https://github.com/libp2p/rust-libp2p/pull/6260
     "RUSTSEC-2025-0141", # Bincode is unmaintained
+    "RUSTSEC-2026-0009", # https://github.com/libp2p/rust-libp2p/pull/6273
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories

From b5763da9578035032c3928cda3f2646754961708 Mon Sep 17 00:00:00 2001
From: hanabi1224 <harlowmoo@gmail.com>
Date: Wed, 1 Apr 2026 17:49:03 +0800
Subject: [PATCH 4/4] update ignore list

---
 deny.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deny.toml b/deny.toml
index 07dc17ca581..9d37b6996ba 100644
--- a/deny.toml
+++ b/deny.toml
@@ -15,7 +15,7 @@ yanked = "warn"
 ignore = [
     "RUSTSEC-2024-0436", # paste - no longer maintained https://github.com/libp2p/rust-libp2p/pull/6260
     "RUSTSEC-2025-0141", # Bincode is unmaintained
-    "RUSTSEC-2026-0009", # https://github.com/libp2p/rust-libp2p/pull/6273
+    "RUSTSEC-2026-0049", # CRLs not considered authoritative by Distribution Point due to faulty matching logic
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories