From 8983677f291bd082b146f4bd649c847a65061fb6 Mon Sep 17 00:00:00 2001
From: Dmitrii Kovalkov <34828390+DimasKovas@users.noreply.github.com>
Date: Tue, 11 Mar 2025 23:09:32 +0400
Subject: [PATCH] Ignore cargo deny advisory RUSTSEC-2025-0014 for humantime
 (#11180)

## Problem

`humantime` is not maintained and `cargo deny check` fails

- Will be addressed in https://github.com/neondatabase/neon/issues/11179

## Summary of changes

Ignore RUSTSEC-2025-0014 advisory for now
---
 deny.toml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deny.toml b/deny.toml
index ed7aa9ef9f..1023b1833a 100644
--- a/deny.toml
+++ b/deny.toml
@@ -31,6 +31,10 @@ reason = "the marvin attack only affects private key decryption, not public key
 id = "RUSTSEC-2024-0436"
 reason = "The paste crate is a build-only dependency with no runtime components. It is unlikely to have any security impact."
 
+[[advisories.ignore]]
+id = "RUSTSEC-2025-0014"
+reason = "The humantime is widely used and is not easy to replace right now. It is unmaintained, but it has no known vulnerabilities to care about. #11179"
+
 # This section is considered when running `cargo deny check licenses`
 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html