From fa376963c23de0c04a6eca801da3c7fc048ac8a4 Mon Sep 17 00:00:00 2001
From: Uwe Klotz
Date: Sun, 1 Oct 2023 12:51:50 +0200
Subject: [PATCH] GitHub CI: Replace security-audit with dependency-audit
---
 .github/workflows/dependency-audit.yaml | 36 ++++++++++++++++++++++
 .github/workflows/security-audit.yaml | 40 -------------------------
 .pre-commit-config.yaml | 4 +--
 Cargo.toml | 2 +-
 4 files changed, 39 insertions(+), 43 deletions(-)
 create mode 100644 .github/workflows/dependency-audit.yaml
 delete mode 100644 .github/workflows/security-audit.yaml
diff --git a/.github/workflows/dependency-audit.yaml b/.github/workflows/dependency-audit.yaml
new file mode 100644
index 0000000..bbc2a49
--- /dev/null
+++ b/.github/workflows/dependency-audit.yaml
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: The djio authors
+# SPDX-License-Identifier: CC0-1.0
+
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
+
+# Same as file name
+name: dependency-audit
+
+permissions:
+ contents: read
+
+on:
+ push:
+ paths:
+ - "**/Cargo.toml"
+ schedule:
+ # Weekly, i.e. on Sunday at 13:37 UTC
+ - cron: "37 13 * * 0"
+ workflow_dispatch:
+
+jobs:
+ run:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Generate Cargo.lock
+ run: cargo generate-lockfile
+
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check
+ arguments: >-
+ --all-features
+ --locked
diff --git a/.github/workflows/security-audit.yaml b/.github/workflows/security-audit.yaml
deleted file mode 100644
index 9da64cf..0000000
--- a/.github/workflows/security-audit.yaml
+++ /dev/null
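Review bot: In the dependency-audit.yaml hunk, `EmbarkStudios/cargo-deny-action@v1` and `actions/checkout@v4` are referenced by mutable tags, so the code this audit job executes can change without any change in this repository; pinning to a full commit SHA, e.g. `- uses: EmbarkStudios/cargo-deny-action@<full-commit-sha>  # v1`, keeps the audit step itself reviewable. The removed workflow spelled its policy out on the command line (`cargo audit --deny unsound --deny yanked`), whereas `cargo deny check` takes its policy from cargo-deny's configuration file, which is not part of this patch. It is worth confirming that the advisories settings there still deny unsound and yanked crates, and that the other checks `check` runs by default (bans, licenses, sources) are intended. If that configuration file lives in the repository, adding it to `on.push.paths` would re-run the audit when the policy itself changes.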
@@ -1,40 +0,0 @@
-# SPDX-FileCopyrightText: The djio authors
-# SPDX-License-Identifier: CC0-1.0
-
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
-
-# Same as file name
-name: security-audit
-
-permissions:
- contents: read
-
-on:
- push:
- paths:
- - "**/Cargo.toml"
- workflow_dispatch:
-
-jobs:
- run:
- runs-on: ubuntu-latest
-
- steps:
- - uses: dtolnay/rust-toolchain@stable
-
- - name: Install cargo-audit
- run: cargo install cargo-audit
-
- - uses: actions/checkout@v4
-
- - name: Generate Cargo.lock
- run: cargo generate-lockfile
-
- - name: Cache Rust toolchain and build artifacts
- uses: Swatinem/rust-cache@v2
- with:
- # The cache should not be shared between different workflows and jobs.
- shared-key: ${{ github.workflow }}-${{ github.job }}
-
- - name: Run security audit
- run: cargo audit --deny unsound --deny yanked
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 41f093b..f2aa1d3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -36,7 +36,7 @@ repos:
 - id: markdownlint-cli2
 exclude: ^LICENSE\.md$
 - repo: https://github.com/shellcheck-py/shellcheck-py
- rev: v0.9.0.5
+ rev: v0.9.0.6
 hooks:
 - id: shellcheck
 - repo: https://github.com/codespell-project/codespell
@@ -45,7 +45,7 @@ repos:
 - id: codespell
 args: [--ignore-words=.codespellignore]
 - repo: https://github.com/sirosen/check-jsonschema
- rev: 0.26.3
+ rev: 0.27.0
 hooks:
 - id: check-github-actions
 - id: check-github-workflows
diff --git a/Cargo.toml b/Cargo.toml
index 31e6d0a..904294d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,7 +22,7 @@ futures = "0.3.28"
 is_sorted = "0.1.1"
 log = "0.4.20"
 strum = { version = "0.25.0", features = ["derive"] }
-thiserror = "1.0.48"
+thiserror = "1.0.49"
 # Optional dependencies
 discro = { version = "0.26.0", optional = true }