Use a pinned compiler version to run cargo audit

Ian Jackson requested to merge Diziet/arti:audit into main

This avoids CI failures like this

arising from situations like this

IMO we should pin many of the other images too but I suspect that may be controversial. I'm hoping that pinning this one to get CI working is uncontroversial (perhaps only on a temporary basis).

The other way to solve this would be to remove --locked which IMO is going in the wrong direction, by exposing us to more rather than fewer uncontrolled inputs from our upstreams.