Should cargo-audit become advisory in CI?
Twice in the last 24 hours, I have had a branch where CI was passing before start failing because a package which was okay when I opened the branch became insecure before the branch was merged.
Maybe we should make this an advisory failure, and not have it make the branch unmergeable? OTOH, if we ignore this warning, it could allow us to merge known-insecure crates.