Run cargo audit on committed Cargo.lock #1315

sveitser · 2024-04-10T07:22:02Z

The current audit action regenerates the lock file which may hide vulnerabilities in our binaries.

Ensure binaries are built with committed lock file by adding the --locked flag. Note the --locked flag is currently documented in a confusing way in cargo --help.

A fix for that has been merged into cargo recently:

rust-lang/cargo#13665

The current audit action regenerates the lock file which may hide vulnerabilities in our binaries. Ensure binaries are built with committed lock file by adding the `--locked` flag. Note the `--locked` flag is currently documented in a confusing way in `cargo --help`. A fix for that has been merged into cargo recently: rust-lang/cargo#13665

…ck-file

sveitser requested a review from tbro April 10, 2024 07:22

sveitser requested review from nomaxg, philippecamacho, ImJeremyHe and jbearer as code owners April 10, 2024 07:22

jbearer approved these changes Apr 10, 2024

View reviewed changes

sveitser added 2 commits April 11, 2024 10:08

Add --locked to cargo test invocations

3fd8084

Merge remote-tracking branch 'origin/main' into ma/cargo-audit-use-lo…

f0e694c

…ck-file

sveitser enabled auto-merge (squash) April 18, 2024 06:16

Merge remote-tracking branch 'origin/main' into ma/cargo-audit-use-lo…

461cdd0

…ck-file

sveitser merged commit 752608b into main Apr 18, 2024
14 checks passed

sveitser deleted the ma/cargo-audit-use-lock-file branch April 18, 2024 08:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run cargo audit on committed Cargo.lock #1315

Run cargo audit on committed Cargo.lock #1315

sveitser commented Apr 10, 2024

Run cargo audit on committed Cargo.lock #1315

Run cargo audit on committed Cargo.lock #1315

Conversation

sveitser commented Apr 10, 2024