chore(ci): Ignore RUSTSEC-2024-0336

jszwedko · jszwedko · commit ed7ac7f8ba2a · 2024-11-11T10:13:27.000-05:00
Vulnerabe version is only used in dev dependencies. Will work on upgrading separately.

Signed-off-by: Jesse Szwedko &lt;jesse.szwedko@datadoghq.com&gt;
diff --git a/deny.toml b/deny.toml
@@ -48,4 +48,9 @@ ignore = [
     # There is a fixed version (v0.12.3) but we are blocked from upgrading to `http` v1, which
     # `tonic` v0.12 depends on. See https://github.com/vectordotdev/vector/issues/19179
     "RUSTSEC-2024-0376",
+
+    # Advisory in rustls crate: https://rustsec.org/advisories/RUSTSEC-2024-0336 If a `close_notify`
+    # alert is received during a handshake, `complete_io` does not terminate.
+    # Vulnerable version only used in dev-dependencies
+    "RUSTSEC-2024-0336",
 ]
