From 3050cfca19c8736256142b91c45cec0fe45916ed Mon Sep 17 00:00:00 2001
From: Ritwik Srinivas
Date: Wed, 21 Aug 2024 17:55:09 -0400
Subject: [PATCH] feat(zed): pending-upstream-fix for GHSA-4grx-2x9w-596c, GHSA-c38w-74pg-36hr
---
 zed.advisories.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/zed.advisories.yaml b/zed.advisories.yaml
index aab910e95..7dd280211 100644
--- a/zed.advisories.yaml
+++ b/zed.advisories.yaml
@@ -107,6 +107,10 @@ advisories:
 componentType: rust-crate
 componentLocation: /usr/libexec/zed
 scanner: grype
+ - timestamp: 2024-08-21T21:48:03Z
+ type: pending-upstream-fix
+ data:
+ note: There is not currently a fixed version of the rsa crate. Currently, information about private keys is leaked via a side-channel timing attack, but work is underway to migrate to a fully constant-time implementation of the cryptography algorithm. So, we must wait for this implementation to be adopted by the rsa crate maintainers.

 - id: CGA-hpm6-2qvq-4337
 aliases:
@@ -124,6 +128,10 @@ advisories:
 componentType: rust-crate
 componentLocation: /usr/libexec/zed
 scanner: grype
+ - timestamp: 2024-08-21T21:48:03Z
+ type: pending-upstream-fix
+ data:
+ note: There is not currently a fixed version of the rsa crate. Currently, information about private keys is leaked via a side-channel timing attack, but work is underway to migrate to a fully constant-time implementation of the cryptography algorithm. So, we must wait for this implementation to be adopted by the rsa crate maintainers.

 - id: CGA-hv6w-7882-f89g
 aliases:
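Review bot: The `note` added to both `pending-upstream-fix` events (the hunk at `@@ -107,6 +107,10 @@` and the identical one at `@@ -124,6 +128,10 @@`) says no fixed `rsa` release exists but gives nobody re-triaging the entry an upstream reference to check. It also does not say whether the zed binary at `/usr/libexec/zed` performs RSA private-key operations where an attacker could observe timing, which is what decides real exposure for a timing side channel; if that has not been assessed, the note should say so. I would end the note with something like `Exposure in zed not yet assessed. Upstream tracking: <UPSTREAM_ISSUE_URL>.`, where the URL is a placeholder for the maintainers' real tracking issue. On style, the long plain scalar would be easier to read and diff as a folded block (`note: >-` followed by wrapped lines). The enclosing `events:` list starts above each hunk, so earlier events for these advisories are not visible here.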