Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Generate Cargo.lock before call
cargo audit
Starting from v0.18.0, cargo-audit hangs indefinitely if Cargo.lock does not exist. We discovered this while upgrading the container from v26 to v28 [1], which among other things updated cargo-audit. For the binary crates this should not be a problem, since they have Cargo.lock committed, but for many libraries this may not be true. If Cargo.lock is not there, we are generating one with the latest available versions, which may not be very significant. For this and other reasons it's now suggested that libraries also have a Cargo.lock [2] committed (thanks Manos for pointing this out). Note: `cargo generate-lockfile` updates Cargo.lock if it's already there, but we don't want it, that's why we have the guard. [1] #138 [2] https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control Suggested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Suggested-by: Patrick Roy <roypat@amazon.co.uk> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
- Loading branch information