Skip to content

use cargo-audit in CI to detect dependencies with known "vulnerabilities"

trinity-1686a requested to merge trinity-1686a/arti:cargo-audit into main

fix #152 (closed)
This patch-set makes so cargo-audit is run in CI to check for known vulnerabilities in dependencies.

Also patch the issues it found (both unmaintained crates).

https://rustsec.org/advisories/RUSTSEC-2018-0017
https://rustsec.org/advisories/RUSTSEC-2020-0077

cargo install cargo-audit is a bit long to run, it could use being cached or run in an environment in which it's preinstalled. I did not find an official Docker image containing it, but there are some unofficial ones which I can set to use if wanted.

Merge request reports