authorLinus Färnstrand <faern@faern.net>2023-06-29 11:48:06 +0200
committerLinus Färnstrand <faern@faern.net>2023-06-29 13:52:12 +0200
commite89d350cc32b451004bb9e1c4c2629a8ed203015 (patch)
treedcefac2e4feae8c19473d1e9d1f30c7694fdd6f5
parente3a5619b278fa9c1311acfdf166e802200037646 (diff)
Use dedicated github action for cargo audit
Integrates better with GitHub Actions, and yields better output on errors
-rw-r--r--.github/workflows/cargo-audit.yml34
1 files changed, 12 insertions, 22 deletions
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
index 75e6126ae4..4f5c87b660 100644
--- a/.github/workflows/cargo-audit.yml
+++ b/.github/workflows/cargo-audit.yml
@@ -16,30 +16,20 @@ on:
jobs:
audit:
runs-on: ubuntu-latest
+ permissions:
+ issues: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- - name: Install Protoc
- uses: arduino/setup-protoc@v1
+ - uses: actions-rust-lang/audit@v1
+ name: Audit Rust Dependencies
with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Install cargo-audit
- uses: actions-rs/install@v0.1.2
- with:
- crate: cargo-audit
- version: latest
-
- - name: Audit
- # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known
- # good workarounds, and we want logs etc to be in local time.
- #
- # RUSTSEC-2021-0145: The vulnerability affects custom global allocators,
- # so it should be safe to ignore it. Stop ignoring the warning once
- # atty has been replaced in clap (when we upgrade to clap 4):
- # https://github.com/clap-rs/clap/pull/4249
- run: |
- cargo audit --deny warnings \
- --ignore RUSTSEC-2020-0071 \
- --ignore RUSTSEC-2021-0145
+ denyWarnings: true
+ # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known
+ # good workarounds, and we want logs etc to be in local time.
+ #
+ # RUSTSEC-2021-0145: The vulnerability affects custom global allocators,
+ # so it should be safe to ignore it. Stop ignoring the warning once
+ # atty has been removed from our dependency tree.
+ ignore: RUSTSEC-2020-0071,RUSTSEC-2021-0145
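Review bot: `uses: actions-rust-lang/audit@v1` references a mutable tag, and the step now runs in a job whose token carries `issues: write`. Pinning it to a full commit SHA, `- uses: actions-rust-lang/audit@<full-commit-sha>  # v1`, keeps a moved or compromised tag from running with that token. The new `permissions:` block lists only `issues`, so every other scope drops to none. Adding `contents: read` next to it states the checkout's requirement explicitly and keeps the job working if the repository's visibility ever changes. The workflow's `on:` triggers sit above the hunk, so whether this job also runs for pull requests from forks cannot be seen from here.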