This repository has been archived by the owner on Aug 3, 2023. It is now read-only.
* Add `cargo audit` and `npm audit` to CI

  This runs:
  - On PRs that modify Cargo.toml or Cargo.lock
  - weekly

  and opens issues if either cargo or npm report an error.

  This does have false positives occasionally, especially for dev-dependencies, but catching vulnerabilities seems worth it.

  I've used the cargo-audit action before and can vouch for it. I glanced over the code in https://github.com/oke-py/npm-audit-action and it looks reasonable - not super well maintained, but not actively malicious, and we can turn it off, make PRs, or fork it later if it's really a problem.

* Update vulnerable rust dependencies

  - Switch from `ws` to `parity-ws`

    `ws` is unmaintained and has security vulnerabilities.

  - Update tar to 0.4.37

    This fixes a security vulnerability in versions before 0.4.36.

Co-authored-by: Cass <cass@cloudflare.com>