fix(deps): resolve all RUSTSEC security advisories

.cargo/audit.toml

@@ -6,42 +6,8 @@
 # easily upgraded, typically due to deep dependency chains (e.g., wasmtime).
 
 [advisories]
-# These advisories are either:
-# 1. False positives for our use case
-# 2. In transitive dependencies we cannot easily update
-# 3. Low severity issues being tracked for future resolution
-#
-# All wasmtime issues are due to using v29.0.1 via cortex-plugins.
-# Upgrading wasmtime is a significant effort tracked separately.
-ignore = [
-    # wasmtime v29.0.1 - Unsound API access to WebAssembly shared linear memory
-    # Severity: low (1.8)
-    # We don't expose raw WebAssembly memory APIs to untrusted code
-    "RUSTSEC-2025-0118",
-
-    # wasmtime v29.0.1 - Host panic with fd_renumber WASIp1 function
-    # Severity: low (3.3)
-    # Limited exposure - panic doesn't compromise security
-    "RUSTSEC-2025-0046",
-
-    # wasmtime v29.0.1 - Segfault with f64.copysign operator on x86-64
-    # Severity: medium (4.1)
-    # Tracked for wasmtime upgrade
-    "RUSTSEC-2026-0006",
-
-    # fxhash v0.2.1 - unmaintained
-    # Transitive dependency via selectors/scraper and wasmtime
-    "RUSTSEC-2025-0057",
-
-    # paste v1.0.15 - unmaintained
-    # Transitive dependency via wasmtime and ratatui
-    "RUSTSEC-2024-0436",
-
-    # lru v0.12.5 - unsound IterMut implementation
-    # Transitive dependency via ratatui
-    # We don't use LRU cache iteration mutably
-    "RUSTSEC-2026-0002",
-]
+# No longer needed - wasmtime updated to v41, ratatui to v0.30
+ignore = []
 
 # Warn on informational advisories (unmaintained, unsound, etc.)
 informational_warnings = ["unmaintained", "unsound", "notice"]