chore(deps): Add exception for RUSTSEC-2024-0376 (#21401)

Since we can't upgrade to tonic v12 yet due to #19179. Signed-off-by: Jesse Szwedko <[email protected]>
vectordotdev · Oct 2, 2024 · 614a014 · 614a014
1 parent a0f3403
commit 614a014
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/deny.toml b/deny.toml
@@ -42,5 +42,10 @@ ignore = [
     # Vulnerability in `rsa` crate: https://rustsec.org/advisories/RUSTSEC-2023-0071.html
     # There is not fix available yet.
     # https://github.com/vectordotdev/vector/issues/19262
-    "RUSTSEC-2023-0071"
+    "RUSTSEC-2023-0071",
+
+    # Vulnerability in `tonic` crate: https://rustsec.org/advisories/RUSTSEC-2024-0376
+    # There is a fixed version (v0.12.3) but we are blocked from upgrading to `http` v1, which
+    # `tonic` v0.12 depends on. See https://github.com/vectordotdev/vector/issues/19179
+    "RUSTSEC-2024-0376",
 ]