
RustSec API & Tooling

Results 193 rustsec issues

When running the following commands in a powershell on Windows, I am getting no error at all: ```shell $ cargo audit --db '/dfgdfgdfg/dfgdfgdfg/test' -n Loaded 0 security advisories (from /dfgdfgdfg/dfgdfgdfg/test)...

See https://github.com/petgraph/petgraph/blob/petgraph%40v0.7.1/RELEASES.rst. This is a SemVer-incompatible update only because petgraph’s exposed dependency fixedbitset was updated SemVer-incompatibly, but rustsec’s use of the petgraph APIs is straightforward, and no code changes appear...

Due to `cargo audit` being a Cargo plugin, and calling Cargo internally to generate a lockfile if it's out of date or missing, `cargo audit` is affected by both arbitrary...

cargo-audit crate

I would like the dependency tree to be serialized and printed for each of the items in the report when using JSON format. The immediate use case is to then...

Seen [here](https://gitlab.kitware.com/utils/rust-ghostflow/-/jobs/10844391), copied for posterity: ``` error: 2 denied warnings found! Crate: ring Version: 0.16.20 Warning: unmaintained Title: *ring* is unmaintained Date: 2025-02-20 ID: RUSTSEC-2025-0007 URL: https://rustsec.org/advisories/RUSTSEC-2025-0007 Dependency tree: ring...

Abscissa's `status_warn!` macro prints to stdout, not stderr. This causes `cargo audit` to output non-JSON status strings in JSON output mode. This breaks anything that consumes JSON output of `cargo...

bug

When parsing lock files, `cargo-lock` sets `master` as the default branch for each git dependency that lacks a branch/revision/tag ([see here](https://github.com/rustsec/rustsec/blob/bd6fb0fba41246ed860e0e8374d8f31aceabc8f9/cargo-lock/src/package/source.rs#L127)). There are two problems with this: 1. This does not...

We're working on updating `gix` to the latest version (0.70.0) in Fedora Linux, among other things to avoid the latest RUSTSEC advisory for it: https://rustsec.org/advisories/RUSTSEC-2025-0001.html I see tame-index update PRs...

> gix-worktree-state nonexclusive checkout sets executable files world-writable | Details | | | ------------------- | ---------------------------------------------- | | Package | `gix-worktree-state` | | Version | `0.13.0` | | URL |...