diff --git a/deny.toml b/deny.toml
index 44cddfd..f276026 100644
--- a/deny.toml
+++ b/deny.toml
@@ -8,6 +8,10 @@ targets = [
     "aarch64-unknown-linux-musl",
 ]
 
+[[advisories.ignore]]
+id = "RUSTSEC-2024-0370"
+reason = "proc-macro-error is a transitive dependency of libcgroups"
+
 [licenses]
 allow = [
     "Apache-2.0",
@@ -16,14 +20,22 @@ allow = [
     "Unicode-DFS-2016",
 ]
 
-[[bans.skip-tree]]
-crate = "libcgroups@0.3.3"
-reason = "libcgroups 0.3.3 ships with nix 0.27, see upstream https://github.com/containers/youki/pull/2791"
-
 [[bans.skip-tree]]
 crate = "petgraph@0.6.5"
 reason = "petgraph 0.6.5 ships with fixedbitset 0.4.2, see upstream https://github.com/petgraph/petgraph/pull/617"
 
+[[bans.skip-tree]]
+crate = "nix@0.28"
+reason = "libcgroups 0.4.1 ships with nix 0.28, see upstream https://github.com/containers/youki/pull/2791"
+
 [[bans.skip-tree]]
 crate = "axum-core@0.4.3"
-reason = "axum 0.7.5 depends on sync_wrapper 1.0, but it also depends on axum-core 0.4.3, which depends on sync_wrapper 0.1.1"
+reason = "axum 0.7.5 depends on sync_wrapper 1.0, but it also depends on axum-core 0.4.3, which depends on sync_wrapper 0.1.1, see upstream https://github.com/tokio-rs/axum/issues/2871"
+
+[[bans.skip-tree]]
+crate = "tower@0.4.13"
+reason = "axum 0.7.5 depends on tower 0.4 and transitively on tower 0.5, see upstream https://github.com/tokio-rs/axum/pull/2880"
+
+[[bans.skip-tree]]
+crate = "capctl@0.2.4"
+reason = "capctl 0.2.4 ships with bitflags 1.3.2, see upstream https://github.com/cptpcrd/capctl/issues/3"