From e14946650e9b9bd5155f615286982bccca3ea06c Mon Sep 17 00:00:00 2001
From: Yihau Chen
Date: Wed, 2 Oct 2024 21:01:33 +0800
Subject: [PATCH 1/3] ci: ignore the tonic audit as a temporary stopgap (#3052)

(cherry picked from commit 9b5525d1270440601d7fe7980ab6b0652bf4fd01)

# Conflicts:
#	ci/do-audit.sh
---
 ci/do-audit.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ci/do-audit.sh b/ci/do-audit.sh
index ca3902d07f6619..1d139256a3e7ea 100755
--- a/ci/do-audit.sh
+++ b/ci/do-audit.sh
@@ -39,8 +39,19 @@ cargo_audit_ignores=(
   # See `[patch.crates-io.curve25519-dalek]` in Cargo.toml for more information
   --ignore RUSTSEC-2024-0344
 
+<<<<<<< HEAD
   # openssl
   --ignore RUSTSEC-2024-0357
+=======
+  # Crate: tonic
+  # Version: 0.9.2
+  # Title: Remotely exploitable Denial of Service in Tonic
+  # Date: 2024-10-01
+  # ID: RUSTSEC-2024-0376
+  # URL: https://rustsec.org/advisories/RUSTSEC-2024-0376
+  # Solution: Upgrade to >=0.12.3
+  --ignore RUSTSEC-2024-0376
+>>>>>>> 9b5525d127 (ci: ignore the tonic audit as a temporary stopgap (#3052))
 )
 scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
 # we want the `cargo audit` exit code, not `$dep_tree_filter`'s

From 535bd0bc72a50e2f30d567c99e2bba4af24f7901 Mon Sep 17 00:00:00 2001
From: WillHickey
Date: Thu, 3 Oct 2024 16:44:26 -0500
Subject: [PATCH 2/3] Fix conflicts

---
 ci/do-audit.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ci/do-audit.sh b/ci/do-audit.sh
index 1d139256a3e7ea..eb40b41ab2e44e 100755
--- a/ci/do-audit.sh
+++ b/ci/do-audit.sh
@@ -39,10 +39,9 @@ cargo_audit_ignores=(
   # See `[patch.crates-io.curve25519-dalek]` in Cargo.toml for more information
   --ignore RUSTSEC-2024-0344
 
-<<<<<<< HEAD
   # openssl
   --ignore RUSTSEC-2024-0357
-=======
+
   # Crate: tonic
   # Version: 0.9.2
   # Title: Remotely exploitable Denial of Service in Tonic
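Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 9b5525d127 (...)`) are committed inside the `cargo_audit_ignores` array in this hunk, so at this commit ci/do-audit.sh almost certainly fails to parse (`<<<` and the parenthesised `>>>>>>>` line are not valid array elements) and the audit step cannot run at all. The two hunks of the following "Fix conflicts" commit remove them, but a backport series should leave every commit runnable; squashing that fix into this cherry-pick (or resolving before committing) keeps bisects and reverts from landing on a broken CI script. The `cargo_audit_ignores=(` array opens before the hunk.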
@@ -51,7 +50,6 @@ cargo_audit_ignores=(
   # URL: https://rustsec.org/advisories/RUSTSEC-2024-0376
   # Solution: Upgrade to >=0.12.3
   --ignore RUSTSEC-2024-0376
->>>>>>> 9b5525d127 (ci: ignore the tonic audit as a temporary stopgap (#3052))
 )
 scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
 # we want the `cargo audit` exit code, not `$dep_tree_filter`'s

From 436b5ded6cbbcd1f2a11250f56e4b48df5fde707 Mon Sep 17 00:00:00 2001
From: WillHickey
Date: Thu, 3 Oct 2024 16:46:03 -0500
Subject: [PATCH 3/3] Update to mimic v2.0 change

---
 ci/do-audit.sh | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/ci/do-audit.sh b/ci/do-audit.sh
index eb40b41ab2e44e..1f4ed5e294e6ff 100755
--- a/ci/do-audit.sh
+++ b/ci/do-audit.sh
@@ -42,13 +42,10 @@ cargo_audit_ignores=(
   # openssl
   --ignore RUSTSEC-2024-0357
 
-  # Crate: tonic
-  # Version: 0.9.2
-  # Title: Remotely exploitable Denial of Service in Tonic
-  # Date: 2024-10-01
-  # ID: RUSTSEC-2024-0376
-  # URL: https://rustsec.org/advisories/RUSTSEC-2024-0376
-  # Solution: Upgrade to >=0.12.3
+  # tonic
+  # When using tonic::transport::Server there is a remote DoS attack that can cause
+  # the server to exit cleanly on accepting a tcp/tls stream.
+  # Ignoring because we do not use this functionality.
   --ignore RUSTSEC-2024-0376
 )
 scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter
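Review bot: The rewritten tonic comment in the last hunk drops the advisory URL and the fix version (`Solution: Upgrade to >=0.12.3`) that the removed lines carried, so a maintainer reading this ignore no longer sees when it can be retired, even though the series title calls it a temporary stopgap. Keep one reference line plus an exit condition, e.g. `# RUSTSEC-2024-0376: https://rustsec.org/advisories/RUSTSEC-2024-0376 (fixed in tonic >=0.12.3)` and `# TODO(<tracking-issue>): drop this ignore once tonic is upgraded`. The justification "we do not use this functionality" does not say which dependency pulls in tonic 0.9.2 or how the non-use of tonic::transport::Server was checked; a short pointer to that check would make the risk acceptance auditable, since the `--ignore` also silences the advisory for any future transitive use of that code path. The `cargo_audit_ignores=(` array opens before the hunk.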