Skip to content

Security Audit

Security Audit #494

Workflow file for this run

name: Security Audit
on:
pull_request:
paths:
- Cargo.lock
merge_group:
push:
branches:
- main
paths:
- Cargo.lock
schedule:
- cron: '0 0 * * *'
jobs:
security_audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo audit
run: cargo install cargo-audit
# RUSTSEC-2021-0145: `atty` transitive dependency, only informational for Windows (not exploitable in practice)
# RUSTSEC-2023-0033: fixed until https://github.com/near/borsh-rs/issues/19
- run: cargo audit --deny warnings --ignore RUSTSEC-2021-0145 --ignore RUSTSEC-2023-0033