Sergey "Shnatsel" Davidoff

Results: 942 comments by Sergey "Shnatsel" Davidoff

> Consider https://github.com/rust-secure-code/cargo-auditable/commit/036acd1f217edce94274c0c3a1aabea7d6572d07. When you run the example with `cargo run -p top_level_crate` and `cargo run` you get different results.

Well that's interesting (and horrifying). Thanks for pointing it out....

I've updated the title of the issue and I'm going to take a long, hard look at my usage of `cargo tree` to try and accurately reflect this interesting behavior...

There are derive helpers based on `macro_rules!` rather than proc macros: <https://matx.com/research/rules_derive>. It is likely possible to implement an alternative `derive` for bytemuck traits using such helpers. These can then...

Could you explain the motivation for this change?

Ah, yeah, that all makes sense to me. And the code being split between two repos has been a problem in the past. I am in favor of the idea.

On [admin: inline single-use method](https://github.com/rustsec/rustsec/pull/1422/commits/02582b2e04de7f15894731c223c56f7fd5e7b81a): I think the way it was before is more readable. `if ! name_is_skipped(...) && ! name_exists_on_crates_io(...)` is immediately clear and I can just skim it,...

The rest looks good.

I went ahead and resolved the conflicts I caused by merging #2639. I've outright deleted `resize` because the signature changed and people would have to edit the code anyway. This...

v0.25.2 with the fix has shipped. This can now be closed.

In this particular case the issue stems from the upstream database recording the constraint as ">= 0.16.2", without the metadata prefix: <https://rustsec.org/advisories/RUSTSEC-2024-0013.html>. That said, in OSV you cannot assume that...