From 488767352d969ca64b138a58f01d9e5d20730c7b Mon Sep 17 00:00:00 2001
From: Siegfried Weber <mail@siegfriedweber.net>
Date: Wed, 15 Apr 2026 13:53:37 +0200
Subject: [PATCH] chore: Ignore RUSTSEC-2026-0097 in deny.toml

---
 template/deny.toml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/template/deny.toml b/template/deny.toml
index 8ec7e452..4fa854b9 100644
--- a/template/deny.toml
+++ b/template/deny.toml
@@ -38,6 +38,13 @@ ignore = [
     #
     # This can only be removed again if we decide to use a different crate.
     "RUSTSEC-2024-0436",
+
+    # https://rustsec.org/advisories/RUSTSEC-2026-0097
+    # rand 0.8.5 is unsound when log+thread_rng features are enabled and a custom logger calls rand::rng().
+    #
+    # This version is pulled in transitively via num-bigint-dig -> rsa -> stackable-certs and cannot be
+    # updated until the upstream rsa crate bumps its rand dependency.
+    "RUSTSEC-2026-0097",
 ]
 
 [bans]