From 5d050a456b5959d900fbdaa546e13521f4b6d08f Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Sun, 12 Apr 2026 21:23:48 -0600
Subject: [PATCH] rust: suppress cargo audit for RUSTSEC-2026-0097

Per https://rustsec.org/advisories/RUSTSEC-2026-0097,
this issue it not applicable unless the "log" and "thread_rng"
features of rand are enabled.  "log" is not enabled in our
dependency chain.

Updating to the fixed version of rand requires an MSRV of 1.85.

Ticket: #8467
(cherry picked from commit be36e67f52fd6b6b104cff9ceb38369dbaf0eaaf)
---
 .github/workflows/rust-checks.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/rust-checks.yml b/.github/workflows/rust-checks.yml
index c43c31e309..2537299be3 100644
--- a/.github/workflows/rust-checks.yml
+++ b/.github/workflows/rust-checks.yml
@@ -89,5 +89,7 @@ jobs:
           IGNORES+=(--ignore RUSTSEC-2019-0036)
           # time crate update
           IGNORES+=(--ignore RUSTSEC-2026-0009)
+          # rand, vla tls-parser
+          IGNORES+=(--ignore RUSTSEC-2026-0097)
 
           cargo audit -D warnings "${IGNORES[@]}"