Run cargo audit in CI (#3123)

This commit is contained in:
Gerard Guillemas Martos 2023-12-13 09:59:54 +01:00 committed by GitHub
parent fad759c813
commit c683ee42fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 0 deletions

7
.cargo/audit.toml Normal file
View file

@ -0,0 +1,7 @@
[advisories]
ignore = [
# Will be resolved once "surrealdb-jsonwebtoken", a temporary fork
# of "jsonwebtoken", is replaced by the upstream version which no
# longer uses the affected "rsa" crate.
"RUSTSEC-2023-0071"
]

View file

@ -79,6 +79,26 @@ jobs:
- name: Check workspace
run: cargo make ci-check
check-dependencies:
name: Check dependencies
runs-on: ubuntu-latest
steps:
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.71.1
components: rustfmt
- name: Checkout sources
uses: actions/checkout@v4
- name: Install cargo-audit
run: cargo install --debug --locked cargo-audit
- name: Check dependencies
run: cargo audit
check-wasm:
name: Check Wasm
runs-on: ubuntu-latest