mirror of
https://github.com/lightningdevkit/rust-lightning.git
synced 2025-01-18 13:24:36 +01:00
9aa6ddb24e
This advisory is only relevant for a downstream dependency of `criterion`, which we currently don't want to bump in order to continue benchmarking with our MSRV 1.63.0. We therefore just add it to our ignore list for now.
24 lines
701 B
YAML
24 lines
701 B
YAML
name: Security Audit
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
jobs:
|
|
audit:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
issues: write
|
|
checks: write
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: rustsec/audit-check@v1.4.1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
ignore: "RUSTSEC-2021-0145"
|
|
# RUSTSEC-2021-0145 pertains `atty`, which is a depencency of
|
|
# `criterion`. While the latter removed the depencency in its
|
|
# newest version, it would also require a higher `rustc`. We
|
|
# therefore avoid bumping it to allow benchmarking with our
|
|
# `rustc` 1.63 MSRV.
|