rustsec
RustSec API & Tooling
0.14.1 # Reproduction steps 1. Create a repo with a warning, e.g.: ```toml [dependencies] cpuid-bool = "0.2" ``` 2. Run `$cargo audit` and see the warning. 3. Promote that warning...
The CLI usage message doesn't give an overview of the available flags, nor does it provide a way (that I could discover) to pass a help flag. Furthermore, [the documentation](https://docs.rs/cargo-lock/4.0.1/cargo_lock/)...
Hi, when I use "cargo audit", I get an error: audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` error: couldn't fetch advisory database: git operation failed: unknown http scheme 'socks5'; class=Http...
I think a few versions ago, the way to invoke cargo-audit was `cargo audit`. By now, the API was changed, and it's now `cargo audit audit`. Unfortunately if no subcommand...
If you have `project-dir/.cargo/audit.toml` there is a difference between running: ``` cd project-dir cargo audit ``` and ``` cargo audit -f project-dir/Cargo.lock ``` Only in the first case will the...
After opening the issue about the `heapless` crate I was wondering why my CI setup didn't warn about the new advisory. From the code it looks like I need to include...
Currently, when a deep transitive dependency has a vulnerability and the solution is to upgrade, cargo-audit doesn't provide any help identifying what point in the dependency chain is preventing that...
Typically a dependency tree has the top-level package at the top and its dependencies below. What cargo-audit prints is the exact opposite. I think "Inverted dependency tree" or "Tree of...
I have set up git to use SSH for all GitHub connections by including the following lines in my `~/.gitconfig`: ``` [url "git@github.com:"] insteadOf = https://github.com/ insteadOf = git://github.com/ ```...
## Request I think a great feature to have would be able to `cargo audit `. This would potentially download the Cargo.toml or Cargo.lock file from [somewhere, either crates.io or...