RAprogramm · RAprogramm · Sep 19, 2025 · Sep 19, 2025 · Sep 19, 2025
diff --git a/.github/workflows/reusable-ci.yml b/.github/workflows/reusable-ci.yml
@@ -195,6 +195,12 @@ jobs:
             cargo +${{ steps.msrv.outputs.msrv }} test --workspace --no-fail-fast
           fi
 
+      - name: Install cargo-audit
+        run: cargo install --locked cargo-audit
+
+      - name: Security audit
+        run: cargo audit --deny warnings
+
       - name: Auto-commit README changes (any branch)
         if: always()
         run: |

diff --git a/.hooks/pre-commit b/.hooks/pre-commit
@@ -16,6 +16,12 @@ cargo clippy --workspace --all-targets --all-features -- -D warnings
 echo "🧪 Running tests (all features)..."
 cargo test --workspace --all-features
 
+echo "🛡️ Running cargo audit..."
+if ! command -v cargo-audit >/dev/null 2>&1; then
+  cargo install --locked cargo-audit >/dev/null
+fi
+cargo audit
+
 # Uncomment if you want to validate SQLx offline data
 # echo "📦 Validating SQLx prepare..."
 # cargo sqlx prepare --check --workspace

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,15 @@ All notable changes to this project will be documented in this file.
 
 ## [0.5.1] - 2025-09-24
 
+### Changed
+- Replaced the optional `sqlx` dependency with `sqlx-core` so enabling the
+  feature no longer pulls in `rsa` via the MySQL driver, fixing the
+  `RUSTSEC-2023-0071` advisory reported by `cargo audit`.
+
+### Security
+- Added `cargo audit` to the pre-commit hook and CI workflow; published a
+  README badge to surface the audit status.
+
 ### Added
 - Composite GitHub Action (`.github/actions/cargo-deny`) that installs and runs
   `cargo-deny` checks for reuse across workflows.