rustsec
                                
                        RustSec API & Tooling
`cargo audit fix` has been disabled by default for a very long time, and its current architecture relying on a fork of `cargo-edit` is infeasible to maintain. Its `Cargo.toml` editing...
…target package Passing `-t` followed by the name of a target package omits any vulnerabilities or warnings found that are not from packages in the subgraph formed from the target...
Does this have any downsides? It should speed up the integration tests overall? Could also help with #832. Related: https://github.com/iqlusioninc/abscissa/issues/845
``` $ cargo install --locked cargo-audit ... $ cargo audit bin cargo-audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 543 security advisories (from /home/user/.cargo/advisory-db) Updating crates.io index Found 'cargo auditable' data...
I noticed there's an experimental `cargo audit fix` which will edit `Cargo.toml`s (#23). It seems like `cargo audit` could suggest something less invasive as a first step: "Hint: try running...
I have `CARGO_TERM_COLOR=always` set on CI and I think `cargo audit` should respect it
$ cargo install rustsec-admin `warning: the following packages contain code that will be rejected by a future version of Rust: quick-xml v0.22.0` Seen in: - rustc 1.69.0-nightly (2773383a3 2023-02-10) -...
Part of https://github.com/rustsec/rustsec/issues/750 Not actually wired up to `cargo audit` yet, just shows what the approach might look like
test auditable_binary_with_vulnerabilities_fails has been running for over 60 seconds test auditable_binary_without_vulnerabilities_passes has been running for over 60 seconds ~13+ minutes on all platforms: Windows: https://github.com/rustsec/rustsec/actions/runs/4467658995/jobs/7847399841?pr=831#step:6:282 MacOS: https://github.com/rustsec/rustsec/actions/runs/4467658995/jobs/7847397875#step:6:279 Some GitHub red...
https://github.com/dtolnay/syn/releases/tag/2.0.0 $ cargo tree -i syn ``` [email protected] [email protected] ``` $ cargo tree -i syn@1.0.109 ``` syn v1.0.109 ├── abscissa_derive v0.6.0 (proc-macro) ├── askama_derive v0.11.2 (proc-macro) ├── askama_shared v0.12.2 ├──...