From b5816a00b4cf9548a5bcd68c710a21172dce8569 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Mon, 10 Mar 2025 09:28:13 +0100
Subject: [PATCH] Ignore RUSTSEC-2024-0436 and RUSTSEC-2024-0437 for now

---
 deny.toml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/deny.toml b/deny.toml
index 03e979c8a..e26a3cef2 100644
--- a/deny.toml
+++ b/deny.toml
@@ -14,6 +14,14 @@ ignore = [
     # RSA key extraction "Marvin Attack". This is only relevant when using
     # PKCS#1 v1.5 encryption, which we don't
     "RUSTSEC-2023-0071",
+
+    # `paste`, as used by `aws-lc-rs` is unmaintained, but we're not concerned
+    # about it having a security vulnerability
+    "RUSTSEC-2024-0436",
+
+    # rust-protobuf has an infinite recursion issue when parsing inputs. We only
+    # use protobuf for opentelemetry output, so we are not affected
+    "RUSTSEC-2024-0437",
 ]
 
 [licenses]