From b999841de0bb3a2171adbe6132d0cef1035a0d72 Mon Sep 17 00:00:00 2001
From: TriplEight
Date: Thu, 4 Jun 2026 15:23:01 +0200
Subject: [PATCH] Ignore RUSTSEC-2026-0098, -0099, -0104 in deny.toml
All three affect rustls-webpki 0.101.7, pulled transitively via rustls 0.21.x through rocket_http. Fix requires rustls >=0.22; blocked on upstream upgrade.
---
 deny.toml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/deny.toml b/deny.toml
index f8fdd684..62fa3f33 100644
--- a/deny.toml
+++ b/deny.toml
@@ -18,6 +18,13 @@ ignore = [
 # wrapper around rustls-pki-types and pulled in transitively via rustls 0.21.x.
 # Removing it requires upstream crates to drop their rustls 0.21 dependency.
 { id = "RUSTSEC-2025-0134", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." },
+
+ # `rustls-webpki` v0.101.x bugs fixed in >=0.103.12/>=0.104.0-alpha.7 but that
+ # requires rustls >=0.22; rocket_http still pulls rustls 0.21.x. Blocked on
+ # upstream upgrade.
+ { id = "RUSTSEC-2026-0098", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." },
+ { id = "RUSTSEC-2026-0099", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." },
+ { id = "RUSTSEC-2026-0104", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." },
 ]
 # =============================================================================
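Review bot: The three added `ignore` entries say why the fix is blocked but not why the exposure is acceptable in the meantime; every `reason` is the same generic string, and the comment above them describes the advisories only as "bugs". Since rustls-webpki is the certificate-validation layer under rustls, each entry should state what the advisory affects and whether this project reaches that code, for example `{ id = "RUSTSEC-2026-0098", reason = "<impact summary>; <why not reachable here>; tracked in <ISSUE-URL>" }`. The entries are keyed by advisory id only, so they would presumably also silence the same advisories if another dependency later pulls in an affected rustls-webpki. Nothing in the hunk gives a tracking issue or revisit condition for removing them once rocket_http moves to rustls >=0.22.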