From 6ddc38290302024c00bb9a1ab24e314d16ec998d Mon Sep 17 00:00:00 2001 From: yangjie01 Date: Wed, 22 Apr 2026 21:01:25 +0800 Subject: [PATCH] ci: fix cargo-deny advisories check Two independent advisory-db drifts since the last green cargo-deny run on main were blocking CI on new PRs: 1. Drop stale RUSTSEC-2024-0370 ignore. `proc-macro-error` was removed from Cargo.lock by #4657 (jieba-rs 0.8.1 bump), so cargo-deny now reports `advisory-not-detected` for this ignore and fails the advisories check. Mirrors the cleanup pattern used in #5882. 2. Bump rustls-webpki 0.103.12 -> 0.103.13 to pick up the fix for RUSTSEC-2026-0104 (reachable panic when parsing a CRL with an empty `onlySomeReasons` BIT STRING). SemVer-compatible patch update. Verified locally with `cargo deny --all-features check`: advisories ok, bans ok, licenses ok, sources ok --- Cargo.lock | 4 ++-- deny.toml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c9d3aad3a88..aead4c1bbdd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -7367,9 +7367,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.12" +version = "0.103.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" dependencies = [ "aws-lc-rs", "ring", diff --git a/deny.toml b/deny.toml index e799d67c437..20658390ef0 100644 --- a/deny.toml +++ b/deny.toml 
@@ -81,7 +81,6 @@ ignore = [
 #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
 #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
 { id = "RUSTSEC-2021-0153", reason = "`encoding` is used by lindera" },
- { id = "RUSTSEC-2024-0370", reason = "`proc-macro-error` is used by jieba-rs via include-flate" },
 { id = "RUSTSEC-2024-0436", reason = "`paste` is used by datafusion" },
 { id = "RUSTSEC-2023-0071", reason = "`rsa` is used by opendal via reqsign" },
 { id = "RUSTSEC-2025-0119", reason = "`number_prefix` used by hf-hub in examples" },