fix: Update security workflow actions for Cargo.lock v4 and CVSS 4.0 support #5

Merged: peteski22 merged 2 commits into main from fix/update-audit-action on Jan 6, 2026
peteski22 (Contributor) commented Jan 6, 2026

Summary

Updates the security workflow actions to fix CI failures:

The security audit workflow was failing with 'cargo audit did not produce
any JSON output' because v1.2.5 used an older cargo-audit that couldn't
parse Cargo.lock format v4 (introduced in Rust 1.83).

v1.2.6 includes cargo-audit 0.22.0 which properly handles the new format.

peteski22 added the bug and ci labels on Jan 6, 2026

cargo-deny v0.18.4 couldn't parse CVSS 4.0 scores now appearing in the
RustSec Advisory Database (RUSTSEC-2024-0445).

v2.0.14 includes cargo-deny 0.18.6 with rustsec 0.31 which fixes this.

See: EmbarkStudios/cargo-deny#804

peteski22 changed the title from "fix: Update audit action to v1.2.6 for Cargo.lock v4 support" to "fix: Update security workflow actions for Cargo.lock v4 and CVSS 4.0 support" on Jan 6, 2026

peteski22 merged commit 3c22464 into main on Jan 6, 2026 (10 checks passed)

peteski22 deleted the fix/update-audit-action branch on January 6, 2026 12:28
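
A fail-closed gate for the failure mode this PR describes (a scanner that cannot parse the lockfile and emits no JSON), as an added example that is not part of the PR or the project's workflow. The names `lockfile_version` and `audit_gate`, the `max_supported` parameter, and the sample inputs are constructed for illustration.

```python
import json
import re

# Top-level `version = N` marker in Cargo.lock; it appears before the first
# [[package]] table. Older lockfiles carry no marker at all.
_VERSION_RE = re.compile(r"^version[ \t]*=[ \t]*(\d+)[ \t]*$", re.MULTILINE)

# Constructed sample input, shaped like a Cargo.lock in format v4.
SAMPLE_LOCK_V4 = (
    "# This file is automatically @generated by Cargo.\n"
    "# It is not intended for manual editing.\n"
    "version = 4\n\n"
    "[[package]]\n"
    'name = "demo"\n'
    'version = "0.1.0"\n'
)


def lockfile_version(lock_text):
    """Return the lockfile format version, or None when no marker is present."""
    head = lock_text.split("[[package]]", 1)[0]  # ignore per-package versions
    match = _VERSION_RE.search(head)
    return int(match.group(1)) if match else None


def audit_gate(lock_text, scanner_stdout, max_supported):
    """Return (ok, reason). Anything other than a parsed report is a failure.

    max_supported is an assumption: the newest lockfile format the pinned
    scanner is known to parse, supplied by whoever maintains the workflow.
    """
    version = lockfile_version(lock_text)
    if version is not None and version > max_supported:
        return False, f"lockfile format v{version} is newer than v{max_supported}"
    if not scanner_stdout.strip():
        # Empty output means the scan did not run, not that it found nothing.
        return False, "scanner produced no output"
    try:
        report = json.loads(scanner_stdout)
    except json.JSONDecodeError as exc:
        return False, f"scanner output is not JSON: {exc.msg}"
    if not isinstance(report, dict):
        return False, "scanner output is not a JSON object"
    return True, "report parsed"


if __name__ == "__main__":
    print(audit_gate(SAMPLE_LOCK_V4, "", max_supported=3))
    print(audit_gate(SAMPLE_LOCK_V4, '{"vulnerabilities": {"count": 0}}', 4))
```
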