diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index cae620baf46cb..ac8d6ed6f9938 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -46,4 +46,9 @@ jobs:
         with:
           tool: cargo-audit
       - name: Run audit check
-        run: cargo audit
+        # RUSTSEC-2025-0111: tokio-tar is by testcontainers for orchestration
+        # of testing, so does not impact DataFusion's security
+        # See https://github.com/apache/datafusion/issues/18288
+        # NOTE: can remove this once testcontainers releases a version that includes
+        # https://github.com/testcontainers/testcontainers-rs/pull/852
+        run: cargo audit --ignore RUSTSEC-2025-0111
diff --git a/Cargo.lock b/Cargo.lock
index e368dcf9a91e2..735738338c3d5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3255,9 +3255,9 @@ dependencies = [
 
 [[package]]
 name = "half"
-version = "2.7.0"
+version = "2.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e54c115d4f30f52c67202f079c5f9d8b49db4691f460fdb0b4c2e838261b2ba5"
+checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b"
 dependencies = [
  "cfg-if",
  "crunchy",