
cargo-audit creates "advisory-db..lock" with two dots

Open simonsan opened this issue 1 year ago • 4 comments

Not a big issue, but just saw it recently.

Version

cargo-audit-audit 0.20.0

OS

Win 11 x64

simonsan avatar Mar 27 '24 08:03 simonsan

I think this is the culprit: https://github.com/rustsec/rustsec/blob/e41cb98/rustsec/src/repository/git/repository.rs#L109

It should be with_extension("lock") that implicitly adds a leading .

tarcieri avatar Oct 31 '24 14:10 tarcieri

Yeah. My fault. I was aware of that, but didn't want to change it so that different versions don't try to coordinate using different lockfiles and trample over each other or whatever. It's not user-visible so I was just letting it slide.

Shnatsel avatar Oct 31 '24 14:10 Shnatsel
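
The behaviour diagnosed above and the coordination concern raised in the reply, as an added example that is not part of the thread or of rustsec's code: `Path::with_extension` inserts the dot itself, and a process locking `advisory-db..lock` does not exclude one locking `advisory-db.lock`. The `create_new`-based `try_lock` is a simplified stand-in for a real file lock; the function names and temp directory are assumptions.

```rust
use std::fs::{self, OpenOptions};
use std::io;
use std::path::{Path, PathBuf};

/// Lock path built by passing ".lock": `with_extension` inserts its own dot,
/// so the result ends in "..lock" (the file name reported in this issue).
fn lock_path_double_dot(repo: &Path) -> PathBuf {
    repo.with_extension(".lock")
}

/// Lock path built with the extension given without a leading dot.
fn lock_path_single_dot(repo: &Path) -> PathBuf {
    repo.with_extension("lock")
}

/// Toy lock: succeeds only if the lock file does not already exist.
/// (Assumed stand-in for a real file lock, for illustration only.)
fn try_lock(path: &Path) -> io::Result<bool> {
    match OpenOptions::new().write(true).create_new(true).open(path) {
        Ok(_) => Ok(true),
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => Ok(false),
        Err(e) => Err(e),
    }
}

/// Returns (old_name, new_name): whether a second process acquires the lock
/// while a first process holds it under the old double-dot name.
fn second_process_gets_lock(dir: &Path) -> io::Result<(bool, bool)> {
    fs::create_dir_all(dir)?;
    let repo = dir.join("advisory-db");
    let old = lock_path_double_dot(&repo);
    let new = lock_path_single_dot(&repo);
    let _ = fs::remove_file(&old); // clear leftovers from earlier runs
    let _ = fs::remove_file(&new);
    assert!(try_lock(&old)?); // first process, old naming
    let result = (try_lock(&old)?, try_lock(&new)?);
    fs::remove_file(&old)?;
    fs::remove_file(&new)?;
    Ok(result)
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join("lockname-demo");
    let (same_name, renamed) = second_process_gets_lock(&dir)?;
    println!("second process using old name acquires: {same_name}");
    println!("second process using new name acquires: {renamed}");
    Ok(())
}
```
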

Let's not talk about 'fault' (responsibility is a better word in general). 🫂 But honestly, it's fine, these things happen. What would be a way to fix it? Newer versions could just check for both and rename the advisory-db..lock => advisory-db.lock. But this would break backward compatibility and everyone working on one thing would need to update. So, not sure how to approach it?

simonsan avatar Oct 31 '24 21:10 simonsan

I'm not terribly worried about scenarios where someone has multiple concurrent versions of cargo audit installed because most of the mechanisms for installing it ensure there is only one version installed (cargo install, distro package). I suppose we do supply binaries, though.

That said, we just bumped minor version, and I don't think we should change it in a patch release.

tarcieri avatar Oct 31 '24 21:10 tarcieri