Unexpected

Open CramBL opened this issue 1 year ago • 7 comments

Just added this action here https://github.com/luftkode/plotinator3000/pull/148 but it fails with: Error: Unexpected token '2025-0"... is not valid JSON

I cannot see in the logs which version of cargo-audit runs, which I think would be nice(!). But running it locally with the latest version 0.21.0 gives this output:

cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 724 security advisories (from /home/marc/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (538 crate dependencies)
Crate:     proc-macro-error
Version:   1.0.4
Warning:   unmaintained
Title:     proc-macro-error is unmaintained
Date:      2024-09-01
ID:        RUSTSEC-2024-0370
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0370
Dependency tree:
proc-macro-error 1.0.4
└── hdf5-metno-derive 0.9.1
    └── hdf5-metno 0.9.2
        └── skytem_hdf 0.1.0
            └── plotinator3000 1.3.5

It runs fine but warns on an unmaintained dependency

CramBL avatar Jan 06 '25 13:01 CramBL

It looks like debug logging is enabled and it's printing a large number of debug loglines, which is confusing audit-check

tarcieri avatar Jan 06 '25 16:01 tarcieri

Interesting, thanks for the quick response. Is it something you intend to fix?

CramBL avatar Jan 07 '25 13:01 CramBL

It seems like something in your workflow is triggering the debug output. Are you setting RUST_LOG=debug anywhere? This seems like something unusual with your environment.

This project is very much in maintenance mode and I'm maintainer of last resort. The main way things get fixed is by people opening PRs to fix them. Perhaps it's consuming both stdout and stderr here when it should only be consuming stdout? I don't know and I don't have time to look.

tarcieri avatar Jan 07 '25 14:01 tarcieri

Yes I am, at the top of the workflow I have this:

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: -D warnings
  RUSTDOCFLAGS: -D warnings
  RUST_BACKTRACE: 1
  RUST_LOG: debug

That's very unfortunate if that's all it takes to break this action.

CramBL avatar Jan 07 '25 16:01 CramBL

Removing that line should fix the problem

tarcieri avatar Jan 07 '25 16:01 tarcieri

Okay but that's not an unusual configuration to have in a workflow, it's fine if you don't want to fix it but it's a bug.

CramBL avatar Jan 07 '25 17:01 CramBL

Again, I’m a maintainer of last resort. If you want it fixed, open a PR

tarcieri avatar Jan 07 '25 17:01 tarcieri
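
The failure mode discussed in this thread, as an added example that is not part of the thread and not audit-check's own code: a consumer that expects pure JSON breaks as soon as debug log lines share the captured stream, while a stricter consumer can isolate the report or fail loudly. The capture, its field names and the function names are constructed for illustration, and whether audit-check actually merges streams is unverified in the thread.

```javascript
// Constructed capture (not real cargo-audit output): debug log lines sharing
// a stream with a one-line JSON report. Field names are hypothetical.
const SAMPLE_CAPTURE = [
  '2025-01-06T13:01:00Z DEBUG example: fetching advisory database',
  '2025-01-06T13:01:01Z DEBUG example: lockfile stats {"crates": 538}',
  '{"warnings":{"unmaintained":[{"id":"RUSTSEC-2024-0370","crate":"proc-macro-error"}]}}',
  '2025-01-06T13:01:02Z DEBUG example: done',
].join('\n');

// Naive consumer: assumes the whole capture is a single JSON document.
function parseNaive(capture) {
  return JSON.parse(capture);
}

// Defensive consumer: accept only lines that are a JSON object on their own,
// and require exactly one, so a noisy or empty stream is an explicit error.
function parseReport(capture) {
  const reports = [];
  for (const line of capture.split(/\r?\n/)) {
    const trimmed = line.trim();
    if (!trimmed.startsWith('{')) continue; // log line, even if it embeds JSON
    try {
      const value = JSON.parse(trimmed);
      if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
        reports.push(value);
      }
    } catch {
      // A log line that merely begins with "{" is not a report; skip it.
    }
  }
  if (reports.length !== 1) {
    throw new Error(`expected exactly one JSON report, found ${reports.length}`);
  }
  return reports[0];
}

// Runs both consumers over the same capture and summarizes the outcome.
function demo() {
  let naive;
  try {
    parseNaive(SAMPLE_CAPTURE);
    naive = 'parsed';
  } catch (err) {
    naive = err.name; // JSON.parse rejects the leading timestamp
  }
  const report = parseReport(SAMPLE_CAPTURE);
  return { naive, ids: report.warnings.unmaintained.map((w) => w.id) };
}

console.log(demo());
```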