diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/cargo-audit.yml | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index 75e6126ae4..4f5c87b660 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -16,30 +16,20 @@ on: jobs: audit: runs-on: ubuntu-latest + permissions: + issues: write steps: - name: Checkout repository uses: actions/checkout@v3 - - name: Install Protoc - uses: arduino/setup-protoc@v1 + - uses: actions-rust-lang/audit@v1 + name: Audit Rust Dependencies with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Install cargo-audit - uses: actions-rs/install@v0.1.2 - with: - crate: cargo-audit - version: latest - - - name: Audit - # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known - # good workarounds, and we want logs etc to be in local time. - # - # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, - # so it should be safe to ignore it. Stop ignoring the warning once - # atty has been replaced in clap (when we upgrade to clap 4): - # https://github.com/clap-rs/clap/pull/4249 - run: | - cargo audit --deny warnings \ - --ignore RUSTSEC-2020-0071 \ - --ignore RUSTSEC-2021-0145 + denyWarnings: true + # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known + # good workarounds, and we want logs etc to be in local time. + # + # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, + # so it should be safe to ignore it. Stop ignoring the warning once + # atty has been removed from our dependency tree. + ignore: RUSTSEC-2020-0071,RUSTSEC-2021-0145 |
