From 65f7b05841ff62b864af20075723a3b83b2c486b Mon Sep 17 00:00:00 2001
From: Daniel Skates <zeophlite@gmail.com>
Date: Mon, 5 May 2025 13:50:03 +0800
Subject: [PATCH] Ignore RUSTSEC-2023-0089 until postcard is updated (#19038)

# Objective

- CI fails due to `atomic-polyfill` being unmaintained

## Solution

- Dependency chain of `postcard -> heapless -> atomic-polyfill` .
`heapless` is updated. `postcard` has not yet.
- See https://github.com/jamesmunns/postcard/issues/223
- Ignore the advisory for now

## Testing

- CI with this PR

---------

Co-authored-by: MichiRecRoom <1008889+LikeLakers2@users.noreply.github.com>
---
 deny.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deny.toml b/deny.toml
index 7d76c70de0..d22efdf153 100644
--- a/deny.toml
+++ b/deny.toml
@@ -8,6 +8,9 @@ ignore = [
   # See: https://rustsec.org/advisories/RUSTSEC-2024-0436
   # Bevy relies on this in multiple indirect ways, so ignoring it is the only feasible current solution
   "RUSTSEC-2024-0436",
+  # unmaintained: postcard -> heapless -> atomic-polyfill
+  # See https://github.com/jamesmunns/postcard/issues/223
+  "RUSTSEC-2023-0089",
 ]
 
 [licenses]