audit-check icon indicating copy to clipboard operation
audit-check copied to clipboard
verified publisher icon rustsec

fix: do not fail when Cargo.lock is not found

Open flavio opened this issue 6 months ago • 2 comments

Fix a regression introduced by working-directory settings, introduced by commit b7dc4eb.

The commit started to invoke cargo-audit with the --file <working-dir>/Cargo.lock flag. However not all the Rust projects have Cargo.lock files committed; take libraries as an example.

This commit changes the working-directory default value to be an empty string. In this way the --file flag can be added only when the user actually provides this parameter.

Finally, the code has been changed to build the final path to the Cargo.lock file in a more robust way. The prior code assumed the action would be run on a unix system. It would have failed on a Windows machine.

flavio avatar Jun 18 '25 09:06 flavio

@tarcieri can you help finding someone who could review this PR? thanks!

flavio avatar Aug 05 '25 07:08 flavio

Please merge this @tarcieri

SimonIT avatar Aug 29 '25 13:08 SimonIT