From f10209a79eb5463db1c467f72fa30860ff2af57e Mon Sep 17 00:00:00 2001
From: Alejandro Pedraza <alejandro@buoyant.io>
Date: Tue, 6 Jan 2026 14:26:48 +0000
Subject: [PATCH] deps: bump cargo-deny to 0.18.9

We were getting errors such as:

```
Error: -05 17:16:58 [ERROR] failed to load advisory database: parse error: error parsing /github/home/.cargo/advisory-db/advisory-db-3157b0e258782691/crates/cap-primitives/RUSTSEC-2024-0445.md: parse error: TOML parse error at line 8, column 8
  |
8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
  |        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
unsupported CVSS version: 4.0
```

This update adds support for CVSS version 4.0.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index be1f776..829e88c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -163,7 +163,7 @@ RUN url="https://github.com/rust-secure-code/cargo-auditable/releases/download/$
 
 # cargo-deny checks cargo dependencies for licensing and RUSTSEC security issues.
 FROM apt-base as cargo-deny
-ARG CARGO_DENY_VERSION=0.18.5 # repo=EmbarkStudios/cargo-deny
+ARG CARGO_DENY_VERSION=0.18.9 # repo=EmbarkStudios/cargo-deny
 RUN url="https://github.com/EmbarkStudios/cargo-deny/releases/download/${CARGO_DENY_VERSION}/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl.tar.gz" ; \
     scurl "$url" | tar zvxf - --strip-components=1 -C /usr/local/bin "cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl/cargo-deny"