Skip to content

Commit

Permalink
Replace actions-rs/audit-check with direct cargo audit invocation (
Browse files Browse the repository at this point in the history 
…#92)

Unfortunately we can't pass an `--ignore` option to cargo-audit via
`actions-rs/audit-check` to ignore the request smuggling vulnerability
in `tiny_http` due to this issue:

actions-rs/audit-check#132

This PR switches to invoking `cargo audit` directly so we can.
  • Loading branch information
@tony-iqlusion
tony-iqlusion committed Sep 23, 2020
1 parent 45bcbd6 commit f2f1997
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 6 deletions.
12 changes: 8 additions & 4 deletions .github/workflows/security_audit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,12 @@ jobs:
uses: actions/cache@v1
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-audit-v0.11.2
- uses: actions-rs/audit-check@v1
key: ${{ runner.os }}-cargo-audit-v0.12.1
- uses: actions-rs/toolchain@v1
with:
args: --ignore RUSTSEC-2019-0031
token: ${{ secrets.GITHUB_TOKEN }}
toolchain: stable
override: true
- name: Install cargo audit
run: cargo install cargo-audit
- name: Run cargo audit
run: cargo audit --deny-warnings --ignore RUSTSEC-2020-0031
4 changes: 2 additions & 2 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit f2f1997

Please sign in to comment.