Move cargo-audit functionality to deny.toml

Porges · web-flow · commit bb410e1bf8a9 · 2022-11-20T22:09:49.000Z
diff --git a/.devcontainer/install-dependencies.sh b/.devcontainer/install-dependencies.sh
@@ -5,7 +5,7 @@ set -eux
 # Note that this script runs as user 'vscode' during devcontainer setup.
 
 # Rust global tools, needed to run CI scripts
-"$HOME/.cargo/bin/cargo" install cargo-audit cargo-license@0.4.2 cargo-llvm-cov cargo-deny
+"$HOME/.cargo/bin/cargo" install cargo-license@0.4.2 cargo-llvm-cov cargo-deny
 "$HOME/.cargo/bin/rustup" component add llvm-tools-preview
 
 # NPM global tools
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ env:
   CARGO_TERM_COLOR: always
   SCCACHE_DIR: ${{github.workspace}}/sccache/
   SCCACHE_CACHE_SIZE: 1G
-  ACTIONS_CACHE_KEY_DATE: 2022-11-21-01
+  ACTIONS_CACHE_KEY_DATE: 2022-11-21-02
   CI: true
   DOTNET_VERSION: 7.0.x
 
diff --git a/src/ci/agent.sh b/src/ci/agent.sh
@@ -37,7 +37,7 @@ cd src/agent
 
 rustc --version
 cargo --version
-cargo audit --version
+cargo deny --version
 cargo clippy --version
 cargo fmt --version
 cargo license --version
@@ -48,9 +48,6 @@ if [ X${CARGO_INCREMENTAL} == X ]; then
 fi
 
 cargo fmt -- --check
-# RUSTSEC-2022-0048: xml-rs is unmaintained
-# RUSTSEC-2021-0139: ansi_term is unmaintained
-cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2022-0048 --ignore RUSTSEC-2021-0139
 cargo deny -L error check
 cargo license -j > data/licenses.json
 cargo build --release --locked
diff --git a/src/ci/proxy.sh b/src/ci/proxy.sh
@@ -12,9 +12,6 @@ mkdir -p artifacts/proxy
 cd src/proxy-manager
 cargo fmt -- --check
 cargo clippy --release --all-targets -- -D warnings
-# RUSTSEC-2022-0048: xml-rs is unmaintained
-# RUSTSEC-2021-0139: ansi_term is unmaintained
-cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2022-0048 --ignore RUSTSEC-2021-0139
 cargo deny -L error check
 cargo license -j > data/licenses.json
 cargo build --release --locked
diff --git a/src/ci/rust-prereqs.sh b/src/ci/rust-prereqs.sh
@@ -11,7 +11,7 @@ fi
 # sccache --start-server
 # export RUSTC_WRAPPER=$(which sccache)
 
-cargo install cargo-audit cargo-llvm-cov cargo-deny
+cargo install cargo-llvm-cov cargo-deny
 
 if ! cargo license --help; then
     cargo install cargo-license@0.4.2
diff --git a/src/deny.toml b/src/deny.toml
@@ -9,6 +9,16 @@ allow = [
     "Zlib",
 ]
 
+[advisories]
+vulnerability = "deny"
+unmaintained = "deny"
+unsound = "deny"
+yanked = "deny"
+ignore = [
+    "RUSTSEC-2022-0048", # xml-rs is unmaintained
+    "RUSTSEC-2021-0139", # ansi_term is unmaintained
+]
+
 [bans]
 
 # disallow rustls; we must use OpenSSL
