chore(deps): ignore RUSTSEC-2026-0049 (rustls-webpki) until rustls can be upgraded (#24986)

pront · claude · web-flow · commit f62a9ffa8729 · 2026-03-23T20:25:16.000Z
* chore: ignore new RUSTSEC advisories that cannot be immediately fixed Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: remove RUSTSEC-2026-0058 ignore, addressed by #24975 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/deny.toml b/deny.toml
@@ -49,4 +49,7 @@ ignore = [
   { id = "RUSTSEC-2025-0012", reason = "backoff is unmaintained" },
   # rustls-pemfile is unmaintained. Blocked by both async-nats and http 1.0.0 upgrade.
   { id = "RUSTSEC-2025-0134", reason = "rustls-pemfile is unmaintained" },
+  # rustls-webpki 0.101.7 vulnerability. Fix requires upgrading rustls from 0.21 to 0.23+,
+  # which is a significant chain upgrade through aws-smithy-http-client, hyper-rustls, tokio-rustls, etc.
+  { id = "RUSTSEC-2026-0049", reason = "Fix requires major rustls upgrade (0.21 -> 0.23+); tracked for future upgrade" },
 ]

Original file line number	Diff line number	Diff line change
`@@ -49,4 +49,7 @@ ignore = [`
`49`	`49`	`{ id = "RUSTSEC-2025-0012", reason = "backoff is unmaintained" },`
`50`	`50`	`# rustls-pemfile is unmaintained. Blocked by both async-nats and http 1.0.0 upgrade.`
`51`	`51`	`{ id = "RUSTSEC-2025-0134", reason = "rustls-pemfile is unmaintained" },`
	`52`	`+ # rustls-webpki 0.101.7 vulnerability. Fix requires upgrading rustls from 0.21 to 0.23+,`
	`53`	`+ # which is a significant chain upgrade through aws-smithy-http-client, hyper-rustls, tokio-rustls, etc.`
	`54`	`+ { id = "RUSTSEC-2026-0049", reason = "Fix requires major rustls upgrade (0.21 -> 0.23+); tracked for future upgrade" },`
`52`	`55`	`]`