From 9221b40950540137dc702b552d6ce890e2c2bb9a Mon Sep 17 00:00:00 2001
From: RobertZ2011 <33537514+RobertZ2011@users.noreply.github.com>
Date: Mon, 8 Jun 2026 13:19:45 -0700
Subject: [PATCH] Add RUSTSEC-2026-0173 exception (#882)

---
 deny.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deny.toml b/deny.toml
index e4ce30f88..b57ad5b79 100644
--- a/deny.toml
+++ b/deny.toml
@@ -78,7 +78,8 @@ ignore = [
     { id = "RUSTSEC-2024-0436", reason = "there are no suitable replacements for paste right now; paste has been archived as read-only. It only affects compile time concatenation in macros. We will allow it for now" },
     { id = "RUSTSEC-2023-0089", reason = "this is a deprecation warning for a dependency of a dependency. https://github.com/jamesmunns/postcard/issues/223 tracks fixing the dependency; until that's resolved, we can accept the deprecated code as it has no known vulnerabilities." },
     { id = "RUSTSEC-2025-0141", reason = "bincode is unmaintained, planning on migrating to an alternative." },
-    { id = "RUSTSEC-2026-0110", reason = "bare-metal is unmaintained, no safe upgrade available, need upstream dependencies to migrate away from it." },
+    { id = "RUSTSEC-2026-0110", reason = "bare-metal is deprecated and archived, which cortex-m has a dependency on. Need cortex-m to migrate away from it." },
+    { id = "RUSTSEC-2026-0173", reason = "proc-macro-error2 is unmaintained, no safe upgrade available, need upstream dependencies to migrate away from it." },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.