Completely remove cargo audit

My current feeling is that the build maintenance friction it creates
is not proportional to the benefits it provides.

We are pretty frugal with the set of Rust dependencies, and our
security model is "we run build.rs and proc macros", so it doesn't
seem like cargo audit could help us much.

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f977c88bee70a3743bee3551cbda3579b9577ba7..f46fb8fecc2b23a9ae4499b8982dcf63eb47b553 100644 (file)
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,20 +16,6 @@ env:
   RUSTUP_MAX_RETRIES: 10
 
 jobs:
-  # rust-audit:
-  #   name: Audit Rust vulnerabilities
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - name: Checkout repository
-  #     uses: actions/checkout@v2
-
-  #   - uses: actions-rs/install@v0.1
-  #     with:
-  #       crate: cargo-audit
-  #       use-tool-cache: true
-
-  #   - run: cargo audit
-
   rust:
     name: Rust
     runs-on: ${{ matrix.os }}