ci: ignore the tonic audit as a temporary stopgap (#3052)

(cherry picked from commit 9b5525d) # Conflicts: # ci/do-audit.sh
anza-xyz · Oct 3, 2024 · e149466 · e149466
1 parent 0e8cfe0
commit e149466
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/ci/do-audit.sh b/ci/do-audit.sh
@@ -39,8 +39,19 @@ cargo_audit_ignores=(
   # See `[patch.crates-io.curve25519-dalek]` in Cargo.toml for more information
   --ignore RUSTSEC-2024-0344
 
+<<<<<<< HEAD
   # openssl
   --ignore RUSTSEC-2024-0357
+=======
+  # Crate:     tonic
+  # Version:   0.9.2
+  # Title:     Remotely exploitable Denial of Service in Tonic
+  # Date:      2024-10-01
+  # ID:        RUSTSEC-2024-0376
+  # URL:       https://rustsec.org/advisories/RUSTSEC-2024-0376
+  # Solution:  Upgrade to >=0.12.3
+  --ignore RUSTSEC-2024-0376
+>>>>>>> 9b5525d127 (ci: ignore the tonic audit as a temporary stopgap (#3052))
 )
 scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
 # we want the `cargo audit` exit code, not `$dep_tree_filter`'s