cabal-audit icon indicating copy to clipboard operation
cabal-audit copied to clipboard
verified publisher icon MangoIV

cabal-audit is broken

Open pranaysashank opened this issue 3 months ago • 4 comments

Hi, running cabal-audit fails with

cabal-audit failed :
listing advisories in
/tmp/cabal-audit942863/advisories/published/2024/HSEC-2024-0009.md
failed with
Advisory structure error:
while trying to lookup mandatory key "advisory.date":
the path is missing 'hackage' or 'ghc' directory
 in <top-level>

listing advisories in
/tmp/cabal-audit942863/advisories/published/2024/HSEC-2024-0007.md
failed with
Advisory structure error:
while trying to lookup mandatory key "advisory.date":
the path is missing 'hackage' or 'ghc' directory
 in <top-level>

listing advisories in
/tmp/cabal-audit942863/advisories/published/2024/HSEC-2024-0001.md
failed with
Advisory structure error:
while trying to lookup mandatory key "advisory.date":
the path is missing 'hackage' or 'ghc' directory
 in <top-level>
....

I am guessing this is likely due to the new layout introduced upstream in this PR https://github.com/haskell/security-advisories/pull/293

pranaysashank avatar Nov 17 '25 09:11 pranaysashank

It was supposed to be backwards compatible. I think fetching latest dependencies would work, but I'll handle the fixes in upstream. Sorry for that.

blackheaven avatar Nov 17 '25 09:11 blackheaven

@blackheaven if you want we can add an "integration test" to security-advisories that runs cabal-audit on itself to make sure it doesn't break because of upstream changes?

MangoIV avatar Nov 17 '25 10:11 MangoIV

it would be great!

blackheaven avatar Nov 18 '25 21:11 blackheaven

See #65

blackheaven avatar Nov 23 '25 15:11 blackheaven