diff --git a/Cargo.lock b/Cargo.lock
index 6047ec37e818..1d54c9a4d249 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2710,15 +2710,14 @@ dependencies = [
 
 [[package]]
 name = "insta"
-version = "1.29.0"
+version = "1.38.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a28d25139df397cbca21408bb742cf6837e04cdbebf1b07b760caf971d6a972"
+checksum = "3eab73f58e59ca6526037208f0e98851159ec1633cf17b6cd2e1f2c3fd5d53cc"
 dependencies = [
  "console",
  "lazy_static",
  "linked-hash-map",
  "similar",
- "yaml-rust",
 ]
 
 [[package]]
@@ -7737,15 +7736,6 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1dbabb1cbd15a1d6d12d9ed6b35cc6777d4af87ab3ba155ea37215f20beab80c"
 
-[[package]]
-name = "yaml-rust"
-version = "0.4.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85"
-dependencies = [
- "linked-hash-map",
-]
-
 [[package]]
 name = "zbus"
 version = "3.14.1"
diff --git a/deny.toml b/deny.toml
index dfc8af646a78..c7773eb03dd2 100644
--- a/deny.toml
+++ b/deny.toml
@@ -6,8 +6,10 @@
 # Install: `cargo install cargo-deny`
 # Check: `cargo deny check`.
 
+
 # Note: running just `cargo deny check` without a `--target` can result in
 # false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
+[graph]
 targets = [
   { triple = "aarch64-apple-darwin" },
   { triple = "i686-pc-windows-gnu" },
@@ -21,16 +23,19 @@ targets = [
   { triple = "x86_64-unknown-linux-musl" },
   { triple = "x86_64-unknown-redox" },
 ]
+all-features = true
+
 
 [advisories]
-vulnerability = "deny"
-unmaintained = "warn"
-yanked = "deny"
-ignore = []
+version = 2
+ignore = [
+  "RUSTSEC-2023-0081", # TODO(#5998): unmaintained crate "safemem" pulled in by "cargo-run-wasm"
+]
+
 
 [bans]
 multiple-versions = "deny"
-wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
+wildcards = "allow" # We use them for examples
 deny = [
   { name = "cgmath" },      # We use glam
   { name = "cmake" },       # Never again
@@ -69,11 +74,9 @@ skip-tree = [
 
 
 [licenses]
+version = 2
 private = { ignore = true }
-unlicensed = "deny"
-allow-osi-fsf-free = "neither"
-confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
-copyleft = "deny"
+confidence-threshold = 0.93 # We want really high confidence when inferring licenses from text
 allow = [
   "Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html
   "Apache-2.0",                     # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
@@ -91,6 +94,7 @@ allow = [
   "Unicode-DFS-2016",               # https://spdx.org/licenses/Unicode-DFS-2016.html
   "Zlib",                           # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
 ]
+exceptions = []
 
 [[licenses.clarify]]
 name = "webpki"
@@ -103,5 +107,9 @@ expression = "MIT AND ISC AND OpenSSL"
 license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 
 
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+
 [sources.allow-org]
 github = ["emilk", "rerun-io"]