diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6f12da1b82..c08d392c72 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -160,4 +160,4 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
diff --git a/deny.toml b/deny.toml
index 0316f50b7c..4d3bb20c52 100644
--- a/deny.toml
+++ b/deny.toml
@@ -3,8 +3,9 @@
 # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
 [advisories]
 ignore = [
-    # safemem transitive dependency, old and unmaintained but not critical and stable
-    "RUSTSEC-2023-0081",
+    # HACK(eddyb) `instant` is unmaintained (`web-time` suggested replacement),
+    # non-trivial to remove as e.g. even the latest `minifb` still uses it.
+    "RUSTSEC-2024-0384",
 ]
 
 # This section is considered when running `cargo deny check bans`.