Merge pull request #34 from MangoIV/develop

[chore] README update
MangoIV · Jun 15, 2024 · 846f56f · 846f56f
2 parents 955ba90 + 98e9544
commit 846f56f
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 17 deletions.
diff --git a/.github/workflows/cabal-audit.yml b/.github/workflows/cabal-audit.yml
@@ -1,4 +1,4 @@
-name: nix checks and build
+name: nix build
 
 on:
   workflow_dispatch:

diff --git a/.github/workflows/haskell-ci.yml b/.github/workflows/haskell-ci.yml
@@ -1,4 +1,4 @@
-name: cabal-build cabal-audit
+name: cabal build
 
 on:
   workflow_dispatch:

diff --git a/.github/workflows/update-lock-file.yml b/.github/workflows/update-lock-file.yml
@@ -1,4 +1,4 @@
-name: update-flake-lock
+name: update flake lock
 
 on:
   workflow_dispatch:

diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 <div align="center">
   <a href="https://github.com/mangoiv/cabal-audit/actions">
     <img src="https://github.com/mangoiv/cabal-audit/actions/workflows/cabal-audit.yml/badge.svg" alt="CI">
+    <img src="https://github.com/MangoIV/cabal-audit/actions/workflows/haskell-ci.yml/badge.svg" ald="CI">
   </a>
   <h1> <code> cabal-audit </code> </h1>
 </div>
@@ -31,11 +32,12 @@ You can also [download a static executable from one of the latest workflow runs]
 Run `cabal-audit` to scan your project for known vulnerabilities:
 
 ```console
-λ cabal run cabal-audit -- --help
+λ cabal-audit --help
 Welcome to cabal audit
 
 Usage: cabal-audit [(-p|--file-path FILEPATH) | (-r|--repository REPOSITORY)] 
-                   [--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH]
+                   [--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH] 
+                   [-b|--no-color|--no-colour] [--fail-on-warning]
 
   audit your cabal projects for vulnerabilities
 
@@ -49,31 +51,36 @@ Available options:
   -m,--json                whether to format as json mapping package names to
                            osvs that apply
   -o,--to-file FILEPATH    specify a file to write to, instead of stdout
+  -b,--no-color,--no-colour
+                           don't colour the output
+  --fail-on-warning        Exits with an error code if any advisories are found
+                           in the build plan
 ```
 
 ```console
-λ cabal run cabal-audit
+λ cabal-audit
 trying to clone https://github.com/haskell/security-advisories
-Cloning into '/tmp/cabal-audit-726d3e9345b766bc'...
-remote: Enumerating objects: 172, done.
-remote: Counting objects: 100% (172/172), done.
-remote: Compressing objects: 100% (129/129), done.
-remote: Total 172 (delta 6), reused 114 (delta 1), pack-reused 0
-Receiving objects: 100% (172/172), 116.55 KiB | 1.31 MiB/s, done.
-Resolving deltas: 100% (6/6), done.
+Cloning into '/tmp/cabal-audit3119166'...
+remote: Enumerating objects: 183, done.
+remote: Counting objects: 100% (183/183), done.
+remote: Compressing objects: 100% (140/140), done.
+remote: Total 183 (delta 5), reused 123 (delta 0), pack-reused 0
+Receiving objects: 100% (183/183), 131.50 KiB | 2.19 MiB/s, done.
+Resolving deltas: 100% (5/5), done.
+
 
 Found advisories:
 
-dependency "base" at version 4.18.1.0 is vulnerable for:
+dependency "base" at version 4.19.1.0 is vulnerable for:
   HSEC-2023-0007 "readFloat: memory exhaustion with large exponent"
-  published: 2024-04-23 12:43:30 +1000
+  published: 2024-06-13 06:04:41 UTC
   https://haskell.github.io/security-advisories/advisory/HSEC-2023-0007
   No fix version available
   toml, parser, dos
 
-dependency "process" at version 1.6.17.0 is vulnerable for:
+dependency "process" at version 1.6.18.0 is vulnerable for:
   HSEC-2024-0003 "process: command injection via argument list on Windows"
-  published: 2024-04-23 12:43:30 +1000
+  published: 2024-06-13 06:04:41 UTC
   https://haskell.github.io/security-advisories/advisory/HSEC-2024-0003
   Fix available since version 1.6.19.0
   windows