From 09b75970af803bd7374e14f37a937c7f6a33ea03 Mon Sep 17 00:00:00 2001
From: Ralph Ursprung
Date: Thu, 30 May 2024 16:57:11 +0200
Subject: [PATCH 1/2] CI: audit: remove ignore of `time 0.1` vuln (no longer present) this is effectively a `git revert 15acb6d` (but not done as such to provide a more detailed commit message). starting with chrono v0.4.30 the dependency to `time` has been removed, accordingly `cargo audit` no longer finds any issues here.
---
 .github/workflows/CI.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index cd51824..cbd90ab 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -39,7 +39,7 @@ jobs:
 - name: check formatting
 run: cargo fmt --all -- --check
 - name: audit
- run: cargo audit --ignore RUSTSEC-2020-0071 # time 0.1, pulled in through chrono which however doesn't use the affected API. see https://github.com/chronotope/chrono/issues/602
+ run: cargo audit
 clippy:
 runs-on: ubuntu-latest
From 6d73fd1d94552f9dc6e0eafb6039573a4858206f Mon Sep 17 00:00:00 2001
From: Ralph Ursprung
Date: Thu, 30 May 2024 17:01:03 +0200
Subject: [PATCH 2/2] CI: move static code checks to ubuntu-only action this has two reasons: - the format & audit checks are the same on all platforms, thus running it multiple times adds no benefits - `cargo-audit` seems to be no longer provided on the Mac OS VMs and would now have to be manually added (but is still present on Ubuntu & Windows).
---
 .github/workflows/CI.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index cbd90ab..84d1423 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
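Review bot: With the `--ignore` gone, the `audit` step in the PATCH 1/2 hunk (`run: cargo audit`) still fails only on vulnerability advisories; informational advisories (unmaintained, unsound or yanked crates) are printed as warnings and leave the job green. If those should gate merges as well, the line could read `run: cargo audit --deny warnings`. The workflow's triggers are outside the hunk, so it is not visible whether the audit also runs on a schedule; advisories are published independently of commits to this repository, so a push-only trigger would not surface a new one until the next change lands.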
@@ -36,12 +36,8 @@ jobs:
 run: cargo check ${{ matrix.features }}
 - name: test
 run: cargo test ${{ matrix.features }}
- - name: check formatting
- run: cargo fmt --all -- --check
- - name: audit
- run: cargo audit
- clippy:
+ static-code-checks:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
@@ -56,3 +52,7 @@ jobs:
 with:
 sarif_file: rust-clippy-results.sarif
 wait-for-processing: true
+ - name: check formatting
+ run: cargo fmt --all -- --check
+ - name: audit
+ run: cargo audit
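Review bot: The `check formatting` and `audit` steps added at the end of the second hunk (`@@ -56,3 +52,7 @@`) run only if every earlier step of `static-code-checks` succeeds, so a failing clippy run or SARIF upload would skip the advisory check and hide its result. The earlier steps are outside the hunk, so whether any of them can fail the job is not visible; if they can, give the audit its own job or add `if: ${{ !cancelled() }}` to both steps. The step also relies on `cargo-audit` being preinstalled on `ubuntu-latest`, which the commit message says is no longer the case on the macOS images; an explicit `cargo install cargo-audit --locked` step before it would make the job independent of the runner image. The rename of `clippy` in the first hunk changes the reported check name, so a branch-protection rule that requires the old name, if one exists, would need updating.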