Closed mihaelTBTL closed 3 months ago
Can you confirm that older versions still work? I'm unable to repro this so feels like a client side issue (behind proxy or something?).
0.14.14 working ok for me. A colleague running 0.14.19 is seeing this same issue
..after upgrading it fails for me as well. I'm not behind any vpn or proxy:
2024-03-22 15:15:13 [INFO] gathered 346 crates in 449ms
2024-03-22 15:15:13 [ERROR] failed to fetch advisory database https://github.com/rustsec/advisory-db: failed to prepare fetch: An IO error occurred when talking to the server: error sending request for url (https://github.com/rustsec/advisory-db/info/refs?service=git-upload-pack)
using 0.14.19 shows that issue. Compiling from current head 621ff39 seems to work just fine 🤷
That does not make sense, there was no change between them that would affect this.
It is a little bit weird guys: on my laptop running archlinux it works perfectly; instead when I try to build with the official rust docker image 1.7.0-slim-bookworm I got the issue. Version 0.14.18 works on 1.7.0-slim-bookworm.
I know it still sounds weird(er), but if I install version 0.14.19:
cargo install cargo-deny --version 0.14.19 --force
and do a cargo deny check
, I see the same error every single time.
If I build from source on commit c16388b
(tag: 0.14.19) then it works fine for me both building in release and non-release modes.
I could reproduce the issue (both with cargo deny and cargo audit), I 'm investigating.
I can repro this, I believe I know what is happening.
The issue is that gix-transport 0.41.3, or one of the updated dependencies it uses, has a bug. Again, the recommended way to install cargo-deny, as stated in the README, is to use --locked
when running cargo install
, as otherwise bugs or semver breakages which are not tested in CI can occur.
Thank you, @Jake-Shadle for the quick response and fix, I've followed through and it was quite the rabbit hole. I can confirm cargo-deny 0.14.20
works, though I think I will move to installing cargo-deny
with --lock
into the image.
allow
scope in deny.tomlcargo deny check
, it will fail.allow
scope again.It works for me
Describe the bug
After having installed the latest version of
cargo-deny
(0.14.19
) and runningcargo deny check advisories
in a Rust workspace, I'm met with the following error:I'm not sure what the problem is since I can download the file with
curl
:The used
db-urls
indeny.toml
is the same as in the book. I get the same issue when using thedeny.toml
from this repository as well: https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.tomlI've encountered this problem while using both
Ubuntu 22.04
(as OS) and inside arust:1.76-slim
docker container.To reproduce
cargo-deny
:cargo install --version 0.14.19 cargo-deny
deny.toml
. You can grab an example from here: https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.tomlcargo deny check advisories
cargo-deny version
cargo-deny 0.14.19
What OS were you running cargo-deny on?
Linux
Additional context
No response