1 Commits

Author SHA1 Message Date
Pierre Warnier 19af7be38d ci: commit Cargo.lock so cargo audit can run (#167) (#168)
The Security audit workflow runs `cargo audit --file ./Cargo.lock`, but
Cargo.lock was gitignored, so the file was absent in CI and every run
failed with "Couldn't load ./Cargo.lock" — including the daily scheduled
run on main. No advisory scan was ever performed.

Commit the lockfile and drop it from .gitignore. shadow-rs ships binaries
(the setuid-root tools), and committing the lockfile is the convention for
binary crates: it gives reproducible builds and a stable input for the
audit. The fuzz crate's lockfile stays ignored as throwaway tooling.

Closes #167.
2026-06-08 12:59:48 +02:00