summaryrefslogtreecommitdiffhomepage
path: root/.github/workflows/cargo-audit.yml
AgeCommit message (Collapse)AuthorFilesLines
2024-11-14Remove the cargo audit CI job, since the same is covered by cargo denyLinus Färnstrand1-38/+0
2024-10-18Upgrade cargo audit CI action ta latest versionLinus Färnstrand1-2/+2
Pin to commit since that's best practice
2024-10-15Stop ignoring RUSTSEC-2023-0079 (Kyber timing attack)Linus Färnstrand1-4/+0
The dependency with this CVE is no longer in our dependency tree
2024-09-20Revert silencing `RUSTSEC-2024-0370` in `cargo audit`Markus Pettersson1-6/+2
2024-09-09Ignore RUSTSEC-2024-0370 in audit workflowDavid Lönnhager1-2/+6
2024-08-22Add top level `permissions` to all Github Actions workflowsLinus Färnstrand1-2/+4
The default permission on the repository is already set to read only. So in practice this makes no difference. But this makes that more explicit, and less relying on the repository being correctly configured. This also makes security scanning tools such as OpenSSF scorecard happier about the overall security of our repository.
2024-03-25Upgrade `plist`Markus Pettersson1-3/+1
2024-02-27Ignore RUSTSEC-2023-0081Markus Pettersson1-1/+2
2024-02-15Ignore `RUSTSEC-2023-0079` in test frameworkMarkus Pettersson1-1/+2
2024-02-09Ignore RUSTSEC-2023-0079Markus Pettersson1-0/+4
2024-02-01Stop ignoring RUSTSEC-2020-0168 in the testframework audit CI jobLinus Färnstrand1-2/+1
2024-01-25Also ignore RUSTSEC-2020-0168Linus Färnstrand1-1/+2
2024-01-25Run cargo audit in test framework alsoLinus Färnstrand1-1/+13
2023-08-01Un-ignore RUSTSEC-2020-0071 and ban time 0.1 from dependency treeLinus Färnstrand1-3/+0
2023-08-01Un-ignore RUSTSEC-2021-0145 since atty is no longer in the dep treeLinus Färnstrand1-5/+1
2023-06-29Revert the temporary test on the cargo audit CILinus Färnstrand1-3/+3
Should make it run smoothly again, and back to the original time
2023-06-29Testing new scheduleLinus Färnstrand1-7/+3
2023-06-29Use dedicated github action for cargo auditLinus Färnstrand1-22/+12
Integrates better with Github actions, and yields better output on errors
2023-02-01Update cargo audit CI job description to not mention env_loggerLinus Färnstrand1-2/+1
2023-02-01Deny warnings in `cargo audit` CI jobLinus Färnstrand1-1/+5
2023-01-20Upgrade checkout action to v3Linus Färnstrand1-1/+1
2023-01-20Run cargo audit on a schedule every dayLinus Färnstrand1-0/+7
2023-01-20Don't run cargo audit when *.rs files changeLinus Färnstrand1-1/+0
2023-01-13Run yamlfix on all of .github/workflows/Linus Färnstrand1-30/+30
2022-11-24Ignore RUSTSEC-2021-0145David Lönnhager1-2/+7
The vulnerability affects custom global allocators on Windows, so we can safely ignore it
2022-09-27Download protoc in CIEmīls Piņķis1-0/+5
2022-07-01Remove reference to withdrawn CVE. It is no longer relevantLinus Färnstrand1-2/+2
2022-03-25Rename some Github Actions jobs to make them easier to findLinus Färnstrand1-1/+1
2022-01-12Change workflow trigger from push to pull_requestOskar Nyberg1-1/+1
2021-10-27Temporarily ignore RUSTSEC-2020-0159 RUSTSEC-2020-0071 (time + chrono)Linus Färnstrand1-1/+3
2021-09-28Run `cargo audit` more oftenDavid Lönnhager1-0/+1
2021-04-20Add CI job for auditing Cargo.lock filesDavid Lönnhager1-0/+23
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.