
RustSec API & Tooling

Results 193 rustsec issues

Follow up from https://github.com/actions-rs/audit-check/issues/223 I failed to notice that you can use `audit.toml` as a mechanism to ignore understood advisories for my own repo. This led me to find and...

@djmitche [suggested](https://github.com/actions-rs/audit-check/issues/223#issuecomment-1215962478) documentation to help cover the usage of `audit.toml` to ignore advisories, especially when running under a github action. This is a draft of documentation that might help meet...

Example: https://github.com/quininer/x11-clipboard on commit 54096beb: - `cargo audit` doesn't report any issues - `cargo audit --deny warnings` reports `error: 1 denied warning found!` - a soundness issue This often results...

This is an MVP, to have some support for `cargo auditable` on launch. Eventually I'd like to extend this with `--dir` parameter to scan an entire directory, because scanning files...

Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.20 to 0.4.22. Release notes Sourced from chrono's releases. 0.4.22 Unfortunately the introduction of the iana-time-zone dependency in 0.4.21 caused some new regressions with lesser known platforms....

dependencies

Bumps [comrak](https://github.com/kivikakk/comrak) from 0.13.0 to 0.14.0. Release notes Sourced from comrak's releases. 0.14.0 What's Changed Allow for C-style dynamic libraries to be produced by @gjtorikian in kivikakk/comrak#171 Fix wrapping on...

dependencies

Bumps [clap](https://github.com/clap-rs/clap) from 3.2.6 to 3.2.17. Release notes Sourced from clap's releases. v3.2.17 [3.2.17] - 2022-08-12 Fixes (derive) Expose #[clap(id = ...)] attribute to match Arg's latest API v3.2.16 [3.2.16]...

dependencies

We could add a command to: * detect missing aliases/related IDs (based on CVE and/or GHSA data), and maybe open pull requests automatically to add them * detect advisories present...

> xml-rs is Unmaintained | Details | | | ------------------- | ---------------------------------------------- | | Status | unmaintained | | Package | `xml-rs` | | Version | `0.8.4` | | URL...

Bumps [cargo-edit](https://github.com/killercup/cargo-edit) from 0.9.1 to 0.10.4. Release notes Sourced from cargo-edit's releases. v0.10.4 0.10.4 - 2022-07-29 Fixes upgrade Hide "note" column when unused Summarize uninteresting rows by default v0.10.3 0.10.3...

dependencies