From 227d81ddd6bea428ae2f2130947c37298661cbc7 Mon Sep 17 00:00:00 2001
From: iven
Date: Sun, 17 May 2026 12:50:27 +0800
Subject: [PATCH] =?UTF-8?q?ci(security):=20=E6=96=B0=E5=A2=9E=20cargo=20au?= =?UTF-8?q?dit=20+=20npm=20audit=20=E5=AE=89=E5=85=A8=E6=89=AB=E6=8F=8F?= =?UTF-8?q?=E6=AD=A5=E9=AA=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

后端 CI 添加 cargo audit 依赖漏洞扫描,前端添加 npm audit。 在每次 PR 和 main push 时自动检测已知安全漏洞。
---
 .github/workflows/test.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3c7abf8..818e1d2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -49,6 +49,9 @@ jobs:
 - name: Clippy
 run: cargo clippy --workspace -- -D warnings
 
+ - name: Security audit (Rust)
+ run: cargo audit
+
 frontend-test:
 runs-on: ubuntu-latest
 defaults:
@@ -76,3 +79,6 @@ jobs:
 
 - name: Build
 run: pnpm build
+
+ - name: Security audit (npm)
+ run: npx npm-audit --audit-level=high || true
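Review bot: The added `Security audit (Rust)` step runs `cargo audit`, but `audit` is not a built-in cargo subcommand and nothing in this hunk installs cargo-audit; the job's earlier steps lie outside the hunk, so an earlier step or the runner image may already provide it. If neither does, the step fails with a missing-subcommand error instead of an advisory report, and a preceding step such as `run: cargo install cargo-audit --locked` would make the dependency explicit. This step also fails the job on any advisory, while the npm step in the second hunk is forced green with `|| true`, so the two audits enforce different policies. A short comment such as `# fails the build on any RustSec advisory matching Cargo.lock` would record which gate is intended.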
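Review bot: `npx npm-audit` in the added `Security audit (npm)` step does not invoke npm's built-in `npm audit`; npx treats `npm-audit` as a package name and may fetch and execute whatever the registry serves under that name inside CI, which is a supply-chain exposure in a step meant to reduce one. The job builds with `pnpm build`, so the lockfile-aware equivalent is presumably `run: pnpm audit --audit-level=high`. The trailing `|| true` also discards the exit status, so high-severity findings and plain tool failures both leave the step green, and the scan cannot gate a PR as the commit message implies. If the scan is meant to be advisory only, drop `|| true` and set `continue-on-error: true` on the step so the failure stays visible in the run. The step list of this job begins outside the hunk.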