Add a command to synchronize advisory data from osv.dev/GHSA #656

Merged
merged 6 commits into from
Feb 10, 2024

amousset
Member

@amousset commented Aug 21, 2022

Result in rustsec/advisory-db#1693.

Refs: #644

This PR implements:

  • Alias id update from OSV advisories
  • Listing OSV advisories we should consider importing into RustSec

The end goal is to be able to automatically open pull requests with the advisory updates and drafts from missing ones. For now I plan to run it regularly manually until we're confident with the result.

@@ -1,5 +1,7 @@
//! The `cargo audit` subcommand

#![allow(unused_qualifications)]
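
Review bot: The `#![allow(unused_qualifications)]` placed right under the module doc comment is an inner attribute, so it turns the lint off for the whole module documented as the `cargo audit` subcommand, while the warning quoted in this thread points at a single `#[clap(subcommand)]` attribute at cargo-audit/src/commands/audit.rs:38. If the lint can be silenced on the item that carries that attribute, an outer `#[allow(unused_qualifications)]` there would keep the lint active for the rest of the file. Either way, a short comment next to the attribute saying it works around a warning seen with Rust 1.70.0 would make it clear when the allow can be removed.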
Member Author

Rust 1.70.0 produces:

warning: unnecessary qualification
  --> cargo-audit/src/commands/audit.rs:38:12
   |
38 |     #[clap(subcommand)]
   |            ^^^^^^^^^^
   |
note: the lint level is defined here
  --> cargo-audit/src/lib.rs:21:56
   |
21 | #![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
   |                                                        ^^^^^^^^^^^^^^^^^^^^^

I did not investigate it further for now.

Member

I really need to upgrade clap (and abscissa)

@Shnatsel
Member

@amousset any reason not to merge this and start running it on CI?

It would be great to have this up and running!

@amousset
Member Author

It's been running correctly for a long time; I think it makes sense to start automating this indeed!
