From 4dcbec0af093dc67b9d8311cce24535c1f63b6e9 Mon Sep 17 00:00:00 2001 From: Gerard Guillemas Martos Date: Tue, 13 Feb 2024 12:02:09 +0100 Subject: [PATCH] Add instruction to run `cargo vet prune` when updating crate audits (#3505) --- supply-chain/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/supply-chain/README.md b/supply-chain/README.md index d49af385..1f20c6f5 100644 --- a/supply-chain/README.md +++ b/supply-chain/README.md @@ -65,6 +65,8 @@ The following process can be followed whenever the dependency checking action fa - `cargo vet trust ` - Otherwise, it can be (for now) exempted from the vetting process. - `cargo vet add-exemption ` + - Afterwards, prune the list of audits to remove outdated entries. + - `cargo vet prune` - The changes will be approved by **@surrealdb/security**. - If the action fails due to `cargo-acl`: - The newly required access (e.g. `unsafe`, `fs`, `net`...) should be understood by the author of the PR.
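Review bot: the added "Afterwards, prune the list of audits to remove outdated entries." bullet does not say which step "Afterwards" refers to. Because it sits directly after the `cargo vet add-exemption` item, it reads as if pruning applies only to the exemption branch. Suggest wording that makes it the closing step for every option above it, for example "Once the crate has been audited, trusted or exempted, run `cargo vet prune`." Separately, `cargo vet prune` also drops unused exemptions and imports, not only audit entries, so "list of audits" understates what will show up in the resulting diff. It is worth saying so in the bullet, since those removals are part of the changes that the following line sends to **@surrealdb/security** for approval.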