chore(ci): Update nightly build version (#1056)

* chore: Update nightly build version

* ignore advisory

* add license

---------

Co-authored-by: Thibault Martinez <thibault@iota.org>

Author: DaughterOfMars

.github/workflows/indexer.yml

@@ -20,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - run: cargo +nightly-2025-04-01 fmt --check --manifest-path indexer/Cargo.toml
+      - run: cargo +nightly-2026-01-07 fmt --check --manifest-path indexer/Cargo.toml
 
   udeps:
     name: Check unused dependencies
@@ -30,7 +30,7 @@ jobs:
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - run: cargo +nightly-2025-04-01 udeps --manifest-path indexer/Cargo.toml
+      - run: cargo +nightly-2026-01-07 udeps --manifest-path indexer/Cargo.toml
 
   deny-bans-licenses-sources:
     name: Cargo deny (bans, licenses, sources)

indexer/deny.toml

@@ -90,6 +90,8 @@ ignore = [
   "RUSTSEC-2025-0134",
   # `bincode` is unmaintained
   "RUSTSEC-2025-0141",
+  # `IterMut` violates Stacked Borrows by invalidating internal pointer (FIX ASAP)
+  "RUSTSEC-2026-0002",
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.
@@ -117,6 +119,7 @@ allow = [
   "Zlib",
   "OpenSSL",
   "Apache-2.0 WITH LLVM-exception",
+  "CDDL-1.0",
 ]
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the