From c74d48a1d2d50722c062df45b45609b72d96b382 Mon Sep 17 00:00:00 2001
From: Nathan Fox
Date: Tue, 22 Aug 2023 12:08:35 -0400
Subject: [PATCH 1/4] update rustls-webpki due to security advisory
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 3b60529e4be98..4d97a3da1eb9a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7364,9 +7364,9 @@ dependencies = [
 [[package]]
 name = "rustls-webpki"
-version = "0.101.2"
+version = "0.101.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "513722fd73ad80a71f72b61009ea1b584bcfa1483ca93949c8f290298837fa59"
+checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
 dependencies = [
 "ring",
 "untrusted",
From 185f2af33ce331ae51bc47299d90ba71f9af4fb5 Mon Sep 17 00:00:00 2001
From: Nathan Fox
Date: Tue, 22 Aug 2023 14:30:23 -0400
Subject: [PATCH 2/4] patch webpki with rustls-webpki
---
 Cargo.lock | 3 +--
 Cargo.toml | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 4d97a3da1eb9a..63ac261ea235f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7365,8 +7365,7 @@ dependencies = [
 [[package]]
 name = "rustls-webpki"
 version = "0.101.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
+source = "git+https://github.com/rustls/webpki?tag=v/0.101.4#d7f6aa4d2138de89cec1daf1d07e7d3263f7d9b6"
 dependencies = [
 "ring",
 "untrusted",
diff --git a/Cargo.toml b/Cargo.toml
index 17a62c31a20d4..791d9eeee606c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -394,6 +394,10 @@ ntapi = { git = "https://github.com/MSxDOS/ntapi.git", rev = "24fc1e47677fc9f6e3
 openssl-sys = { git = "https://github.com/vectordotdev/rust-openssl", tag = "openssl-sys-v0.9.91_3.0.0" }
 openssl-src = { git = "https://github.com/vectordotdev/openssl-src-rs", tag = "release-300-force-engine_3.1.2" }
+# https://rustsec.org/advisories/RUSTSEC-2023-0052.html
+webpki = { package = "rustls-webpki", git = "https://github.com/rustls/webpki", tag = "v/0.101.4"}
+
+
 [features]
 # Default features for *-unknown-linux-gnu and *-apple-darwin
 default = ["api", "api-client", "enrichment-tables", "sinks", "sources", "sources-dnstap", "transforms", "unix", "rdkafka?/gssapi-vendored", "enterprise", "component-validation-runner"]
From d7add899401e7f604e8f11350065c870c64497a8 Mon Sep 17 00:00:00 2001
From: Nathan Fox
Date: Tue, 22 Aug 2023 15:16:36 -0400
Subject: [PATCH 3/4] add advisory to the ignore list temporarily
---
 Cargo.lock | 3 ++-
 Cargo.toml | 3 ---
 deny.toml | 2 ++
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 63ac261ea235f..4d97a3da1eb9a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7365,7 +7365,8 @@ dependencies = [
 [[package]]
 name = "rustls-webpki"
 version = "0.101.4"
-source = "git+https://github.com/rustls/webpki?tag=v/0.101.4#d7f6aa4d2138de89cec1daf1d07e7d3263f7d9b6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
 dependencies = [
 "ring",
 "untrusted",
diff --git a/Cargo.toml b/Cargo.toml
index 791d9eeee606c..40ccbd5693789 100644
--- a/Cargo.toml
+++ b/Cargo.toml
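Review bot: In the Cargo.toml hunk of patch 2/4, the added `webpki = { package = "rustls-webpki", ... }` entry does not appear to override the `webpki` crate: assuming these lines sit in a `[patch]` table (its header is outside the hunk), Cargo treats the key as a label and `package` as the crate being replaced, so this replaces `rustls-webpki` itself. The Cargo.lock hunk of the same patch is consistent with that, since only the `rustls-webpki` entry changes its source from the registry to git and no `webpki` entry is touched, which would leave the crate the linked advisory concerns still in the tree. The entry also follows a tag, which upstream can move; pinning the commit the lockfile recorded is stricter, `rev = "d7f6aa4d2138de89cec1daf1d07e7d3263f7d9b6"`, as the `ntapi` entry in the hunk header does with `rev`. The line is also missing the space before the closing `}` that the neighbouring entries have.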
@@ -394,9 +394,6 @@ ntapi = { git = "https://github.com/MSxDOS/ntapi.git", rev = "24fc1e47677fc9f6e3
 openssl-sys = { git = "https://github.com/vectordotdev/rust-openssl", tag = "openssl-sys-v0.9.91_3.0.0" }
 openssl-src = { git = "https://github.com/vectordotdev/openssl-src-rs", tag = "release-300-force-engine_3.1.2" }
-# https://rustsec.org/advisories/RUSTSEC-2023-0052.html
-webpki = { package = "rustls-webpki", git = "https://github.com/rustls/webpki", tag = "v/0.101.4"}
-
 [features]
 # Default features for *-unknown-linux-gnu and *-apple-darwin
diff --git a/deny.toml b/deny.toml
index f9453e19a109c..e0c29b4b2c3d2 100644
--- a/deny.toml
+++ b/deny.toml
@@ -38,4 +38,6 @@ license-files = [
 [advisories]
 ignore = [
+ # requires our dependencies to migrate to `rustls-webpki`S
+ "RUSTSEC-2023-0052.html"
 ]
From a3497185bb5285b3b3377ba1f93a5511af0ae16d Mon Sep 17 00:00:00 2001
From: Nathan Fox
Date: Tue, 22 Aug 2023 15:26:13 -0400
Subject: [PATCH 4/4] Update deny.toml
Co-authored-by: Jesse Szwedko
---
 deny.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deny.toml b/deny.toml
index e0c29b4b2c3d2..2b3d8991358a8 100644
--- a/deny.toml
+++ b/deny.toml
@@ -38,6 +38,6 @@ license-files = [
 [advisories]
 ignore = [
- # requires our dependencies to migrate to `rustls-webpki`S
- "RUSTSEC-2023-0052.html"
+ # requires our dependencies to migrate to `rustls-webpki`
+ "RUSTSEC-2023-0052"
 ]
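Review bot: The `ignore` entry added under `[advisories]` in deny.toml has no removal condition, so the suppression outlives the "temporarily" in the patch 3/4 subject; this applies to the hunk in patch 3/4 and to its corrected form in patch 4/4. The comment says what has to happen upstream but not which dependencies still pull in the affected crate or where that is tracked, for example `# webpki via <dependency name>: remove once <tracking issue> is closed`. While the ID is ignored, the advisory check no longer reports whether the old `webpki` is still in the tree, so the removal has to be driven by that tracking issue (`cargo tree -i webpki` shows the remaining dependents).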