From e61ac8dd7fb0fd13a48f26e4f463660fbaadaf9f Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Tue, 3 Dec 2024 12:16:09 +0100
Subject: [PATCH] Silence two Rust advisories
---
 template/deny.toml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/template/deny.toml b/template/deny.toml
index 1d140638..2c0138d0 100644
--- a/template/deny.toml
+++ b/template/deny.toml
@@ -9,6 +9,27 @@ targets = [
 [advisories]
 yanked = "deny"
+ignore = [
+ # https://rustsec.org/advisories/RUSTSEC-2023-0071
+ # "rsa" crate: Marvin Attack: potential key recovery through timing sidechannel
+ #
+ # No patch is yet available, however work is underway to migrate to a fully constant-time implementation
+ # So we need to accept this, as of SDP 24.11 we are not using the rsa crate to create certificates used in production
+ # setups.
+ #
+ # TODO: Remove after https://github.com/RustCrypto/RSA/pull/394 is merged
+ "RUSTSEC-2023-0071",
+ # https://rustsec.org/advisories/RUSTSEC-2024-0384
+ # "instant" is unmaintained
+ #
+ # The upstream "kube" crate also silenced this in https://github.com/kube-rs/kube/commit/4f1e889f265da8f19f03f60683569cae1a154fda
+ # They/we are actively working on migrating kube from backoff to backon, which removes the transitive dependency on
+ # instant, in https://github.com/kube-rs/kube/pull/1652.
+ #
+ # TODO: Remove after https://github.com/kube-rs/kube/pull/1652 is merged
+ "RUSTSEC-2024-0384",
+]
 [bans]
 multiple-versions = "allow"
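Review bot: The `"RUSTSEC-2023-0071"` entry in `ignore` silences the Marvin advisory for every dependency path that pulls in `rsa`, not only the certificate-creation path the comment describes as non-production, so a crate that later starts using `rsa` for something else will pass `cargo deny` without anyone noticing. The justification would be checkable if the comment recorded which direct dependencies currently pull `rsa` in (the output of `cargo tree -i rsa` at the time of writing) and stated that the ignore must be re-evaluated whenever that chain changes, not only when the upstream PR merges. The same applies to the `"RUSTSEC-2024-0384"` entry, whose rationale rests on the kube migration landing. If the cargo-deny version in use supports object entries, writing each as `{ id = "RUSTSEC-2023-0071", reason = "..." }` keeps the reason attached to the entry in the tool's own output rather than only in a comment.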