audit-check icon indicating copy to clipboard operation
audit-check copied to clipboard
verified publisher icon rustsec

Support for lock file v4

Open nazar-pc opened this issue 1 year ago • 3 comments

Right now lock files with version = 4 created by nightly versions fail like this:

error: not found: Couldn't load Cargo.lock
Caused by:
  -> I/O operation failed: parse error: parse error: invalid Cargo.lock format version: `4`

Would be great to support this, especially if this is not a big lift.

nazar-pc avatar Oct 28 '24 15:10 nazar-pc

Dup of https://github.com/rustsec/rustsec/issues/1249

tarcieri avatar Oct 28 '24 15:10 tarcieri

Reopening now that cargo audit supports lockfile v4, but this action reportedly doesn't.

Shnatsel avatar Nov 28 '24 22:11 Shnatsel

It kind of does and doesn't at the same time, which I believe is caused by this line: https://github.com/rustsec/audit-check/blob/69366f33c96575abad1ee0dba8212993eecbe998/src/main.ts#L18

It will not try to upgrade cargo-audit when older version that doesn't support v4 lock file is currently installed. This doesn't affect official runners in most cases, but it may affect self-hosted runners that do not clean the state or simply workflows that happen to have cargo-audit of older version installed for whatever reason.

nazar-pc avatar Nov 28 '24 22:11 nazar-pc