Merge branch 'cicd-audit-dependencies' into 'main'

Audit dependencies for CICD

See merge request veilid/veilid!381

.gitlab-ci.yml

@@ -8,6 +8,7 @@ variables:
 stages:
   - prepare
   - test
+  - audit_dependencies
   - build_packages
   - distribute
   - release
@@ -28,6 +29,21 @@ format:
       when: never
     - when: always
 
+audit_dependencies:
+  stage: audit_dependencies
+  image: rust:latest
+  before_script:
+    - cargo install cargo-audit --locked 
+  script:
+    - cargo audit
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  # Allowing to fail since there are some dependencies 
+  # with vulnerabilities.
+  # Once the affected ones will be upgraded, if we want
+  # to be more strict setup to false
+  allow_failure: true
+
 # base earthly setup for jobs
 .base:
   tags: [ saas-linux-medium-amd64 ]