From c779f4ddccaafa4ebb6d72ef3698759dd70f79a5 Mon Sep 17 00:00:00 2001 From: Egor Lazarchuk Date: Thu, 8 Jan 2026 15:22:10 +0000 Subject: [PATCH] feat(cargo-audit): install fresh cargo-audit on test run In order to prevent future `cargo-audit` failures of reading new new security database disclosures, remove `cargo-audit` from dev container and always try to install `cargo-audit` from source instaed. This makes CI always use new version of the binary while for normal development, local version will be used (so no `--force` flag). Signed-off-by: Egor Lazarchuk --- tests/integration_tests/security/test_sec_audit.py | 2 +- tools/devctr/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration_tests/security/test_sec_audit.py b/tests/integration_tests/security/test_sec_audit.py index e8265c3ae2a..ed14f5e0278 100644 --- a/tests/integration_tests/security/test_sec_audit.py +++ b/tests/integration_tests/security/test_sec_audit.py @@ -35,6 +35,6 @@ def set_of_vulnerabilities(output: CommandReturn): ) git_ab_test_host_command_if_pr( - "cargo audit --deny warnings -q --json", + "cargo install --locked cargo-audit && cargo audit --deny warnings -q --json", comparator=set_did_not_grow_comparator(set_of_vulnerabilities), ) diff --git a/tools/devctr/Dockerfile b/tools/devctr/Dockerfile index 036b93194ae..c288fc277b8 100644 --- a/tools/devctr/Dockerfile +++ b/tools/devctr/Dockerfile @@ -123,7 +123,7 @@ RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-too && rustup target add x86_64-unknown-linux-musl \ && rustup target add aarch64-unknown-linux-musl \ && rustup component add llvm-tools-preview clippy rustfmt \ - && cargo install --locked cargo-audit grcov cargo-sort cargo-afl \ + && cargo install --locked grcov cargo-sort cargo-afl \ && cargo install --locked cargo-deny --version 0.17.0 \ && cargo install --locked kani-verifier --version 0.64.0 && cargo kani setup \ \