Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce cargo-audit into CI #22

Merged
merged 14 commits into from
Oct 3, 2023
Merged

Introduce cargo-audit into CI #22

merged 14 commits into from
Oct 3, 2023

Conversation

nspin
Copy link
Member

@nspin nspin commented Oct 3, 2023
edited
Loading

cargo-audit scans Cargo.lock files for known vulnerabilities.

This PR adds a cargo-audit check to CI, and addresses a number of vulnerabilities reported by cargo-audit.

Note that the CI check only scans dependencies of this project's public crates. It excludes the tests and examples, for the sake of avoiding noise.

Addresses #17.

@nspin
Bump cargo crate dependency version
80c3eb1 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Bump zerocopy crate dependency version
70d8e28 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Bump clap crate dependency version
6c87cd3 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
crates/sel4-backtrace/cli: Remove mmap crate dependency
7551da5 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Replace rusttype crate dependency with ab_glyph
ce70a22 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Replace no_std float module with num-traits dependency
b055826 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Bump chrono crate dependency in mbedtls
0ee42d5 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
ci: Check public crate dependencies for vulnerabilities
c497af7 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
Run cargo update
b1c2d43 
Signed-off-by: Nick Spinale <[email protected]>
@nspin
ci: Add -j$(nproc) to nix-build invocation
9d719b6 
Signed-off-by: Nick Spinale <[email protected]>
@nspin nspin mentioned this pull request Oct 3, 2023
Open
@nspin nspin force-pushed the pr/cargo-audit branch 2 times, most recently from 7ca8374 to b5a9696 Compare October 3, 2023 08:37
@nspin nspin merged commit f2a9455 into seL4:main Oct 3, 2023
4 checks passed
@nspin nspin deleted the pr/cargo-audit branch October 3, 2023 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nspin