From 64415348ce896bdeb6c089f1fa601e67994c6f50 Mon Sep 17 00:00:00 2001
From: Kayos <kayos@sulkta.com>
Date: Wed, 29 Apr 2026 14:40:27 -0700
Subject: [PATCH] Dockerfile: drop cargo-audit (libgit2-sys broken); cargo-deny
 supersedes

---
 Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 68a0409..14afe8d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -214,8 +214,12 @@ RUN curl -fsSL https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --p
 # mount, so cargo install artifacts there disappear inside the live container.
 USER root
 RUN /home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/cargo install \
-        --locked --root /usr/local cargo-audit cargo-deny \
-    && chmod 755 /usr/local/bin/cargo-audit /usr/local/bin/cargo-deny
+        --locked --root /usr/local cargo-deny \
+    && chmod 755 /usr/local/bin/cargo-deny
+# cargo-audit was historically here but its `git2` C-binding dep needs
+# libgit2-sys which fails in this base. cargo-deny supersedes it for our
+# use: `cargo deny check advisories` does the same RustSec-DB scan that
+# cargo-audit does. The rust audit recipe uses cargo-deny accordingly.
 USER crafter
 
 # ============================================================