advisory-db icon indicating copy to clipboard operation
advisory-db copied to clipboard
verified publisher icon rustsec

Advisories for evm-units and uniswap-utils

Open carols10cents opened this issue 1 month ago • 4 comments

My understanding is this is going to fail the linter because we've already taken down these crates from crates.io: https://github.com/rustsec/rustsec/issues/1479

And I didn't add categories because of https://github.com/rustsec/advisory-db/issues/2499 and https://github.com/rustsec/advisory-db/issues/2500

carols10cents avatar Dec 05 '25 18:12 carols10cents

They probably need at least a placeholder version. >= 0 should work.

tarcieri avatar Dec 05 '25 18:12 tarcieri

Looks like a bunch of crates have this:

[versions]
patched = []

carols10cents avatar Dec 05 '25 18:12 carols10cents

Ok now i think this is at the "crate doesn't exist in crates.io" lint failure?

error: error linting advisory DB .: crates.io index error: crates.io package name does not match package name in advisory for uniswap-utils in RUSTSEC-0000-0000

carols10cents avatar Dec 05 '25 19:12 carols10cents

Yep, looks like we need https://github.com/rustsec/rustsec/issues/1479 to move forward now

tarcieri avatar Dec 05 '25 20:12 tarcieri

I think we're ready for this now, see

  • https://github.com/rustsec/advisory-db/pull/2508

djc avatar Dec 17 '25 17:12 djc