Sergey "Shnatsel" Davidoff

260 issues opened by Sergey "Shnatsel" Davidoff

There needs to be a way to cap the input file size for `cargo audit bin`, otherwise it can be OOM'd by a very large file. https://github.com/rustsec/rustsec/blob/d28345409daaf3c747634a10487255dccb01168d/cargo-audit/src/binary_deps.rs#L20-L22

Labels: enhancement, cargo-audit crate, good first issue

`cargo audit fix` has been disabled by default for a very long time, and its current architecture relying on a fork of `cargo-edit` is infeasible to maintain. Its `Cargo.toml` editing...

Labels: enhancement, cargo-audit crate

Part of https://github.com/rustsec/rustsec/issues/750. Not actually wired up to `cargo audit` yet; it just shows what the approach might look like.

Right now `cargo audit` provides flexible controls for which kinds of advisories are reported (e.g. show/hide unmaintained or unsound) and which are considered fatal (i.e. cause non-zero exit code, cause...

Labels: enhancement, cargo-audit crate, good first issue

@amousset has asked to include some kind of flag to disable panic-based version detection. This raises some questions:

- Should the flag require binaries to be built with `cargo auditable`?...

Labels: enhancement, cargo-audit crate

RustSec is no longer the only way to get Rust vulnerability disclosures.

https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust
https://osv.dev/list?ecosystem=crates.io&q=

## What can be improved or is missing?

OpenEXR format allows the file to be read in parallel. It is considerably faster than a single-threaded read all by itself, see...

Labels: enhancement

## What can be improved or is missing?

Provide benchmarks comparing the performance of this crate to the [OpenEXR reference implementation](https://github.com/AcademySoftwareFoundation/openexr).

## Implementation Approach

The [`openexr`](https://docs.rs/openexr/latest/openexr) crate provides high-level, mostly...

Labels: enhancement

## What can be improved or is missing?

Right now initializing the slices to be read into takes a non-trivial amount of time. Reading is not parallelized, so it becomes...

Labels: enhancement

I've been looking into the TODO in the README: `TODO profile if smallvec is really an improvement!` `SmallVec` is all over the place, so it's rather difficult to remove it...