DataDog
diff --git a/‎bottlecap/Cargo.lock‎
Lines changed: 9 additions & 8 deletions b/‎bottlecap/Cargo.lock‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎bottlecap/Cargo.toml‎
Lines changed: 3 additions & 0 deletions b/‎bottlecap/Cargo.toml‎
Lines changed: 3 additions & 0 deletions
@@ -53,6 +53,9 @@ opentelemetry-semantic-conventions = { version = "0.30", features = ["semconv_ex
 rustls-native-certs = { version = "0.8.1", optional = true }
 axum = { version = "0.8.4", default-features = false, features = ["default"] }
 ustr = { version = "1.0.0", default-features = false }
+# Pin to >=0.3.47 to fix RUSTSEC-2026-0009 (DoS via stack exhaustion); transitive via cookie.
+# https://rustsec.org/advisories/RUSTSEC-2026-0009
+time = { version = "0.3.47", default-features = false }
 tower-http = { version = "0.6.6", default-features = false, features = ["limit"] }
 hyper-http-proxy = { version = "1.1.0", default-features = false, features = [
     "rustls-tls-webpki-roots",