From 5707b81a7efcf8430d227e752163928556c94c00 Mon Sep 17 00:00:00 2001
From: Sai Karthik
Date: Tue, 6 Jan 2026 14:20:33 +0530
Subject: [PATCH 1/2] feat(ci): add cargo-audit workflow for scanning rust vulnerabilities
Signed-off-by: Sai Karthik
---
 .github/workflows/cargo-audit.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/cargo-audit.yml
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
new file mode 100644
index 000000000000..46e4f77cbe50
--- /dev/null
+++ b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,31 @@
+# Link https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
+name: "Cargo Audit"
+on:
+ push:
+ paths:
+ # Run if workflow changes
+ - '.github/workflows/cargo-audit.yml'
+ # Run on changed dependencies
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+ # Run if the configuration file changes
+ - '**/audit.toml'
+ # Rerun periodically to pick up new advisories
+ schedule:
+ - cron: '0 0 * * *'
+ # Run manually
+ workflow_dispatch:
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions-rust-lang/audit@v1
+ name: Audit Rust Dependencies
+ # with:
+ # Comma separated list of issues to ignore
+ # ignore: RUSTSEC-2020-0036
From 2893b9232c03d831c125a5580b08d933c2f3a9f8 Mon Sep 17 00:00:00 2001
From: Sai Karthik
Date: Tue, 6 Jan 2026 14:37:19 +0530
Subject: [PATCH 2/2] fix(ci): pin cargo-audit workflow version
Signed-off-by: Sai Karthik
---
 .github/workflows/cargo-audit.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
index 46e4f77cbe50..55b50fb71a40 100644
--- a/.github/workflows/cargo-audit.yml
+++ b/.github/workflows/cargo-audit.yml
@@ -1,4 +1,3 @@
-# Link https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
 name: "Cargo Audit"
 on:
 push:
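Review bot: `- uses: actions/checkout@v4` in the `steps:` list is pinned to a mutable tag, so the checkout step can change underneath this security job with no diff in this repository; pin it to a full commit SHA with the tag kept in a trailing comment, e.g. `- uses: actions/checkout@<full commit SHA of the v4 release> # v4`, the same treatment the second patch gives the audit action (the checkout line also appears as context in that patch's final hunk and is left on the tag there too). The `on:` block has no `pull_request:` trigger, and a `push:` event never fires in this repository for branches that live in a fork, so a Cargo.lock bump proposed from a fork is first audited only after merge or by the nightly `schedule:` run. Adding `pull_request:` with the same `paths:` list as `push:` would run the audit at review time; on fork pull requests the token is read-only, so the `issues: write` grant will not apply and the action's issue-creation option (if enabled by default for that event, which I have not verified) should be turned off there so the run simply fails the check.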
@@ -24,7 +23,8 @@ jobs:
 issues: write
 steps:
 - uses: actions/checkout@v4
- - uses: actions-rust-lang/audit@v1
+ # https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
+ - uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24
 name: Audit Rust Dependencies
 # with:
 # Comma separated list of issues to ignore
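Review bot: The added `- uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24` line records the commit but not the release it was taken from, so a reader cannot check at a glance that the SHA matches the intended version, and update tooling such as Dependabot or Renovate, which as far as I know keys on a trailing version comment to bump SHA pins, has nothing to work from. Append the tag as a comment on the same line: `- uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24 # <release tag this SHA resolves to>`, keeping the marketplace URL comment above it if wanted. The job header and the trailing `# ignore:` example line lie outside this hunk.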