diff options
| author | Linus Färnstrand <linus@mullvad.net> | 2023-02-01 11:41:46 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2023-02-01 11:41:46 +0100 |
| commit | 5e86e08df425ee94d901c00cd406bc38fc9c24f7 (patch) | |
| tree | f63388b88aed8c8188cb87c9307cdb640bbb8f2c /.github | |
| parent | cc6b616ddf3b0fa2ef5253570591284d0f795ba0 (diff) | |
| parent | 1590d71649194668aab2e15306a875480faa55e7 (diff) | |
| download | mullvadvpn-5e86e08df425ee94d901c00cd406bc38fc9c24f7.tar.xz mullvadvpn-5e86e08df425ee94d901c00cd406bc38fc9c24f7.zip | |
Merge branch 'stricter-cargo-audit'
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/cargo-audit.yml | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index d7531c53af..75e6126ae4 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -34,9 +34,12 @@ jobs: - name: Audit # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known # good workarounds, and we want logs etc to be in local time. + # # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, # so it should be safe to ignore it. Stop ignoring the warning once - # atty has been replaced in clap and env_logger: + # atty has been replaced in clap (when we upgrade to clap 4): # https://github.com/clap-rs/clap/pull/4249 - # https://github.com/rust-cli/env_logger/pull/246 - run: cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0145 + run: | + cargo audit --deny warnings \ + --ignore RUSTSEC-2020-0071 \ + --ignore RUSTSEC-2021-0145 |