ci: restrict cargo-deny to licenses+bans, drop advisory check

nficano · nficano · commit 908688de0cf2 · 2026-05-22T09:56:26.000-04:00
The advisory DB now contains entries (e.g. RUSTSEC-2026-0076) using TOML
syntax unsupported by the cargo-deny 0.14.x bundled in cargo-deny-action@v1,
causing the 'Cargo Deny' check to fail with a parse error unrelated to our
dependencies. The separate 'Cargo Security Audit' job (cargo-audit) already
covers vulnerability advisories, so removing the redundant advisories check
from cargo-deny unblocks CI without any loss of security coverage.
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
@@ -52,6 +52,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Check licenses and bans
+        # Advisory DB check is handled by the separate cargo-audit job above.
+        # Restricting to licenses + bans avoids breakage when the advisory DB
+        # introduces new TOML features unsupported by this pinned cargo-deny
+        # version (e.g. RUSTSEC-2026-0076 parse error with cargo-deny 0.14.x).
         uses: EmbarkStudios/cargo-deny-action@v1
         with:
-          command: check advisories licenses bans
+          command: check licenses bans
