diff --git a/supply-chain/README.md b/supply-chain/README.md index d49af385..1f20c6f5 100644 --- a/supply-chain/README.md +++ b/supply-chain/README.md @@ -65,6 +65,8 @@ The following process can be followed whenever the dependency checking action fa - `cargo vet trust ` - Otherwise, it can be (for now) exempted from the vetting process. - `cargo vet add-exemption ` + - Afterwards, prune the list of audits to remove outdated entries. + - `cargo vet prune` - The changes will be approved by **@surrealdb/security**. - If the action fails due to `cargo-acl`: - The newly required access (e.g. `unsafe`, `fs`, `net`...) should be understood by the author of the PR.
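Review bot: The added "Afterwards, prune the list of audits" step does not say which branch it follows. As written it could apply only after `cargo vet add-exemption`, or after either the `cargo vet trust` or the exemption path, so the wording or nesting should make that explicit. The preceding steps add trust entries and exemptions, so "list of audits" may not be the right term for what gets removed; naming the entries expected to change would help. It is also worth stating that whatever `cargo vet prune` changes must be committed in the same PR, so that the approval by **@surrealdb/security** in the next bullet covers the removals as well as the additions, and so that removals unrelated to the PR's dependency change are visible to the reviewer.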