Adding rust audit. (#1099)

* Adding rust audit. * Update clap version + derive_builder (they clashed). * Ignoring specific CVE which can be ignored https://github.com/Azure/iot-identity-service/issues/481 * Updating python lock. * Revert `derive-builder` update. * Adding back help msg.
2025-08-22 16:25:30 +00:00 · 2022-11-09 12:59:36 +01:00
parent 99c06c82e0
commit bbae829a72
6 changed files with 980 additions and 848 deletions
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@ -81,6 +81,14 @@ jobs:
          command: test
          args: --verbose --manifest-path ./tokenizers/Cargo.toml --doc

+      - name: Run Audit
+        uses: actions-rs/cargo@v1
+        with:
+          command: audit
+          # ignoring specific CVE which probably isn't affecting this crate
+          # https://github.com/chronotope/chrono/issues/602
+          args: -D warnings -f ./tokenizers/Cargo.lock --ignore RUSTSEC-2020-0071
+
      # Verify that Readme.md is up to date.
      - name: Make sure, Readme generated from lib.rs matches actual Readme
        if: matrix.os == 'ubuntu-latest'