Audit Rust dependencies #218

	name: Audit Rust dependencies
	on:
	pull_request:
	paths:
	- .github/workflows/*.yml
	- Cargo.toml
	- Cargo.lock
	schedule:
	# At 06:20 UTC every day. Will create an issue if a CVE is found.
	- cron: '20 6 * * *'

	workflow_dispatch:
	jobs:
	audit:
	runs-on: ubuntu-latest
	permissions:
	issues: write
	steps:
	- uses: actions/checkout@v4

	# We don't need to check CVEs against the checked in lockfile,
	# but only against the newest compatible dependencies.
	- name: Upgrade all dependencies
	run: cargo update

	- uses: actions-rust-lang/[email protected]
	name: Audit Rust Dependencies
	with:
	denyWarnings: true
	# RUSTSEC-2021-0127 - serde_cbor is unmaintained. Can be removed once we upgrade criterion
	# RUSTSEC-2021-0145 - atty is unsound. Can be removed once we upgrade criterion
	ignore: RUSTSEC-2021-0127,RUSTSEC-2021-0145

Provide feedback