Skip to content

Notification Action #1928

Notification Action

Notification Action #1928

Workflow file for this run

name: Security
permissions: {}
on:
pull_request:
branches:
- main
push:
branches:
- main
schedule:
- cron: "25 4 * * 1"
jobs:
cargo-audit:
name: Cargo Audit
runs-on: ubuntu-latest
continue-on-error: true
permissions:
checks: write
contents: read
issues: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
ignore: RUSTSEC-2023-0071,RUSTSEC-2026-0097
# RUSTSEC-2023-0071 rsa: Marvin Attack - no fix available, transitive via arti-client (which is unaffected https://gitlab.torproject.org/tpo/core/arti/-/issues/1141)
# RUSTSEC-2026-0097 rand: unsound when certain conditions are met - no fix available, transitive via arti-client