rustsec
rustsec copied to clipboard
rustsec
RustSec API & Tooling
As discussed on Zulip previously, adding the ability to provide a specific license and attribution for advisories would be useful, especially to allow importing advisories from Github Security Database (under...
_This is a WIP and I'll be editing this to potentially come up with something_ Currently we only have `patched = [ "semVers" ]` to denote fix without contextual information...
Copying and pasting my comment from #655. See also: #645. Build failure: https://github.com/rustsec/rustsec/runs/8025899590?check_suite_focus=true#step:7:117 I'm a bit confused in that it's only failing on macOS (and only on Rust 1.57; it...
Date field can be backdated and the advisories appear out-of-order in https://rustsec.org/advisories/ Didn't the website have access to the repository and it could just look at the id-assigned commit date(s)...
Related: https://github.com/rustsec/rustsec/pull/666, https://github.com/rustsec/rustsec/issues/669 I think it could be helpful to have FAQ.md that is visible via website ? Sections maybe for: - General - Contributors - Ecosystem Maintainers - Ecosystem...
Following from: https://github.com/rustsec/rustsec/pull/666 Would it be feasible / possible to link / embed / etc. howto unmaintained and contributing.md etc. from there to how to get started with contributing to...
It seems that the API of `Repository` and `Database` assumes that I either use both default git URL and default disk location, or that I customize both. But I'd like...
The `rustsec` crate (and its v0.29.1 release) are currently locked to `tame-index` >= v0.9.8 https://github.com/rustsec/rustsec/blob/30b098c/rustsec/Cargo.toml#L27 However, v0.9.8 and v0.9.9 have been yanked: https://crates.io/crates/tame-index/versions This results in the following error from...
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.3 to 1.10.4. Commits aa2d8bd 1.10.4 088d7f3 api: add Cow guarantee to replace API a5ae351 regex-automata-0.4.6 9cf4a42 automata: fix bug where reverse NFA lacked an unanchored prefix...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2. Release notes Sourced from actions/cache's releases. v4.0.2 What's Changed Fix fail-on-cache-miss not working by @cdce8p in actions/cache#1327 Full Changelog: https://github.com/actions/cache/compare/v4.0.1...v4.0.2 Changelog Sourced from actions/cache's...