From afdd7114540298995c098f861875ba02057e2bc3 Mon Sep 17 00:00:00 2001
From: Michael Rodler
Date: Tue, 13 Jun 2023 12:03:23 +0200
Subject: [PATCH] Run cargo-audit in CI to check for known vulnerabilities in dependencies.

Bumped the `pretty_env_logger` dependency with a known advisory.

Signed-off-by: Michael Rodler
Co-authored-by: f0rki
---
 .github/workflows/cargo-audit.yml | 17 +++++++++++++++++
 Cargo.toml | 2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/cargo-audit.yml

diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
new file mode 100644
index 0000000000..a49f5699c2
--- /dev/null
+++ b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,17 @@
+name: cargo-audit
+on:
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  schedule:
+    - cron: '0 16 * * Mon'
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Cargo.toml b/Cargo.toml
index 7665e97e88..0a5cb979e4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,7 +44,7 @@ futures-util = { version = "0.3", default-features = false, features = ["alloc"]
 http-body-util = "=0.1.0-rc.2"
 matches = "0.1"
 num_cpus = "1.0"
-pretty_env_logger = "0.4"
+pretty_env_logger = "0.5"
 spmc = "0.3"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
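Review bot: The new `security_audit` job hands `secrets.GITHUB_TOKEN` to a third-party action with whatever default token scope the repository grants, because the workflow declares no `permissions:` block at either the workflow or the job level; add one next to `runs-on:` such as `permissions:` / `  contents: read` / `  checks: write`, keeping only the write scope the action actually needs (it appears to report results as a check run, so presumably `checks: write` — confirm against the action's documentation). Both steps are pinned to mutable tags (`actions/checkout@v3`, `rustsec/audit-check@v1.4.1`); pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment prevents a moved or compromised tag from silently changing what runs with that token. The `push` trigger with the `paths` filter also means a dependency change arriving in a pull request from a fork is only audited after it lands; a `pull_request:` trigger with the same `paths` filter would surface the advisory before merge, though the read-only token on fork PRs may limit what the action can post.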