Turn audit check back on (#2235)

EspressoSystems · Oct 30, 2024 · 3ee0a99 · 3ee0a99
1 parent 37f62e1
commit 3ee0a99
Showing 1 changed file with 3 additions and 11 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -21,15 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
-      # See https://github.com/rustsec/audit-check for docs
-      # TODO: re-enable if https://github.com/rustsec/audit-check/pull/20 is merged
-      # - uses: rustsec/audit-check@v1
-      #   with:
-      #     token: ${{ secrets.GITHUB_TOKEN }}
 
-      # Currently the rustsec/audit-check action regenerates the Cargo.lock
-      # file. Our binaries are built using the committed lock file.
-      # Re-generating the lock file can hide vulnerabilities. We therefore run
-      # cargo audit directly which respects our lock file.
-      - run: cargo audit
+      - uses: rustsec/audit-check@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}