Rust GitHub Actions in actions-rs seem unmaintained #2
Comments
|
Quoting @svartalf from actions-rs/cargo#59 (comment):
|
|
While back audit-check was forked into RustSec Yeah there is really no way for us to generate notice via advisory-db as this one is just GitHub action thing. But we have some contacts with GitHub we can ask around. Moving the issue to |
|
I think we could probably put together a much simpler action for people to use, which doesn't depend on e.g. Node.js in any way |
|
Some time ago, I wrote https://github.com/actions-rust-lang/audit to move off actions-rs. It is written as a composite action with the main logic in Python instead of JavaScript. It supports maintaining issues and writes a workflow summary with the findings. It doesn't really provide more features than audit-check except for an explicit input argument to ignore IDs. |
|
This action now uses node16 and dependencies have been bumped so should be perfectly usable. |
) - Update actions/checkout, arduino/setup-protoc, and taiki-e/create-gh-release-action actions. - Replace unmaintained actions-rs/audit-check action with rustsec/audit-check action (rustsec fork of actions-rs/audit-check. see also rustsec/audit-check#2).
This is not a Rust crate, but tooling used by many Rust projects. Is this correct place to discuss and maybe take action on informing community about the issue?
The
actions-rsGitHub Actions from GitHub (https://github.com/actions-rs) is used by many Rust projects.However, the actions don't see much love, there's discussion about the maintenance status here: actions-rs/meta#43
As these actions are not maintained a known vulnerabilities might start to pile up and things might start to break because GitHub is deprecating support for some thing (e.g. actions-rs#227).
Pinging @svartalf since he's the (only?) owner of the GitHub organization.
The text was updated successfully, but these errors were encountered: