mirror of
https://github.com/rust-lang/rust-analyzer
synced 2025-01-12 13:18:47 +00:00
Completely remove cargo audit
My current feeling is that the build maintenance friction it creates is not proportional to the benefits it provides. We are pretty frugal with the set of Rust dependencies, and our security model is "we run build.rs and proc macros", so it doesn't seem like cargo audit could help us much.
This commit is contained in:
parent
5b8fdfe231
commit
5534bc0321
1 changed files with 0 additions and 14 deletions
14
.github/workflows/ci.yaml
vendored
14
.github/workflows/ci.yaml
vendored
|
@ -16,20 +16,6 @@ env:
|
||||||
RUSTUP_MAX_RETRIES: 10
|
RUSTUP_MAX_RETRIES: 10
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# rust-audit:
|
|
||||||
# name: Audit Rust vulnerabilities
|
|
||||||
# runs-on: ubuntu-latest
|
|
||||||
# steps:
|
|
||||||
# - name: Checkout repository
|
|
||||||
# uses: actions/checkout@v2
|
|
||||||
|
|
||||||
# - uses: actions-rs/install@v0.1
|
|
||||||
# with:
|
|
||||||
# crate: cargo-audit
|
|
||||||
# use-tool-cache: true
|
|
||||||
|
|
||||||
# - run: cargo audit
|
|
||||||
|
|
||||||
rust:
|
rust:
|
||||||
name: Rust
|
name: Rust
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
Loading…
Reference in a new issue