From d4fdfddf6448d56927f286a17549086dfed9bb10 Mon Sep 17 00:00:00 2001 From: UnbreakableMJ Date: Tue, 16 Jun 2026 19:31:35 +0300 Subject: [PATCH] build(justfile): mirror CI's audit advisory ignores in `just audit` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI's cargo-audit job ignores RUSTSEC-2024-0436 (paste, unmaintained) and RUSTSEC-2026-0002 (lru, unsound) — both warning-class, transitive via the ratatui tree. Plain `cargo audit` exits 0 on these (they're warnings, not vulnerabilities), so `just ci` did not fail — but it printed advisories CI suppresses, diverging from the "mirrors CI" intent and relying on cargo-audit's default warning-vs-fail behavior. Pass the same `--ignore` list as CI's audit-check `ignore:` input so local output matches the runner and stays robust if cargo-audit ever escalates warnings. Kept in lock-step with .github/workflows/ci.yml. Co-Authored-By: Claude Opus 4.8 --- justfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/justfile b/justfile index 9803747..a27ad63 100644 --- a/justfile +++ b/justfile @@ -49,9 +49,9 @@ version-gate: deny: cargo deny check -# Vulnerability advisories (CI: cargo-audit job). Needs `cargo install cargo-audit`. +# Vulnerability advisories; --ignore mirrors CI's audit job (.github/workflows/ci.yml). Needs cargo-audit. audit: - cargo audit + cargo audit --ignore RUSTSEC-2024-0436 --ignore RUSTSEC-2026-0002 # EncString fuzz harness (nightly; docs/fuzzing.md). Smoke by default; the v0.1 gate is `just fuzz 86400`. fuzz seconds="30":
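Review bot: In the `audit:` recipe, the two `--ignore` IDs are now hard-coded in a second place, with only the comment tying them to `.github/workflows/ci.yml`, so the two lists can drift silently: a stale ignore here would keep suppressing an advisory locally after CI stops ignoring it, or the reverse. Consider keeping the list in one place, for example cargo-audit's `.cargo/audit.toml` (`[advisories] ignore = [...]`) if the CI job honors it, or adding a small check that compares the justfile list against the workflow's `ignore:` input. The recipe comment should also say why each ID is ignored and when to revisit it (the commit message gives paste as unmaintained and lru as unsound, both transitive via the ratatui tree), because that rationale is otherwise only in the commit log; an unsoundness advisory in particular deserves a note on the condition for removing the ignore. The rewritten comment also drops the `cargo install cargo-audit` hint that the old line carried, which is worth keeping for first-time contributors.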