
Document security advisory analysis and dependency upgrade limitations #5



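---
# Weekly / on-change dependency audit for the Rust workspace.
# The page this was taken from had lost its indentation; the structure below
# is the recovered GitHub Actions layout (2-space indent, indented sequences).
name: Security Audit

# `on` is a YAML 1.1 boolean key for generic parsers; GitHub's loader treats it
# as the trigger block, so it is left unquoted on purpose.
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  schedule:
    - cron: '0 0 * * 0'  # Run weekly on Sunday at midnight (UTC)
  workflow_dispatch:  # Allow manual triggering

# Least privilege: the job only reads the repository. Without this block the
# GITHUB_TOKEN inherits the repository's default (often write) permissions.
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      # Mutable tags (@v3, @stable) can be moved by the action's maintainer;
      # pinning to a full commit SHA (e.g. actions/checkout@<commit-sha>) is
      # the supply-chain-hardened form.
      - uses: actions/checkout@v3

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Cache Rust dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}

      - name: Install cargo-audit
        # --locked installs the exact dependency set from cargo-audit's own
        # lockfile instead of resolving fresh versions on every run.
        run: cargo install cargo-audit --locked

      - name: Check for major dependency updates
        # Informational only: prints solana/spl crates whose pending update
        # changes the major version (or the minor version for 0.x crates,
        # which semver treats as breaking). The step never fails the job.
        run: |
          set -euo pipefail
          echo "Checking for major version updates in dependencies..."
          # cargo emits its "Updating <crate> v<old> -> v<new>" status lines on
          # stderr, so both streams are captured; the previous pipeline read
          # stdout only and also looked for a '+' that cargo does not print,
          # so it could never match.
          cargo update --dry-run 2>&1 \
            | grep -E '(solana|spl)' \
            | awk '
                # fields: ... <crate> v<old> -> v<new>
                /v[0-9]+(\.[0-9]+)* -> v[0-9]+(\.[0-9]+)*/ {
                  n = split($0, f, " ")
                  old = f[n - 2]; new = f[n]
                  sub(/^v/, "", old); sub(/^v/, "", new)
                  split(old, o, "."); split(new, w, ".")
                  if (o[1] + 0 != w[1] + 0 || (o[1] + 0 == 0 && o[2] + 0 != w[2] + 0)) {
                    print "::warning::major update available: " $0
                    found = 1
                  }
                }
                END { exit found ? 0 : 1 }' \
            || echo "No major dependency updates found"

      - name: Run cargo-audit
        # Fails the job on any advisory that matches Cargo.lock. Advisories
        # that cannot be fixed yet should be ignored explicitly via a tracked
        # audit.toml entry rather than by weakening this step.
        run: cargo audit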