Skip to content

Commit

Permalink
Remove cargo audit CI job again
Browse files Browse the repository at this point in the history
We realized that libraries should probably not check for CVEs.
It will generate too many false positives and provide very little value.
It's up to downstream *program* developers to select exact versions
of transitive dependencies. If it ends up being that no version of one
of our dependencies is safe/works, then that program developer must
report to this library that we should probably consider
upgrading/replacing that dependency with something better.
  • Loading branch information
faern committed Jun 11, 2024
1 parent 91ca82d commit 00c3dd8
Showing 1 changed file with 0 additions and 35 deletions.
35 changes: 0 additions & 35 deletions .github/workflows/cargo-audit.yml

This file was deleted.

0 comments on commit 00c3dd8

Please sign in to comment.