mirror of
https://github.com/uutils/shadow.git
synced 2026-06-10 16:14:57 -07:00
19af7be38d
The Security audit workflow runs `cargo audit --file ./Cargo.lock`, but Cargo.lock was gitignored, so the file was absent in CI and every run failed with "Couldn't load ./Cargo.lock" — including the daily scheduled run on main. No advisory scan was ever performed. Commit the lockfile and drop it from .gitignore. shadow-rs ships binaries (the setuid-root tools), and committing the lockfile is the convention for binary crates: it gives reproducible builds and a stable input for the audit. The fuzz crate's lockfile stays ignored as throwaway tooling. Closes #167.
8 lines
95 B
Plaintext
8 lines
95 B
Plaintext
/target
|
|
/fuzz/target
|
|
/fuzz/corpus
|
|
/fuzz/artifacts
|
|
/fuzz/Cargo.lock
|
|
CLAUDE.md
|
|
PLAN-shadow-rs.md
|