actions-rs / audit-check

🛡️ GitHub Action for security audits
https://github.com/marketplace/actions/rust-audit-check
MIT License

Scheduled run with warning: "Cannot read property 'id' of undefined" #70

Closed stephank closed 4 years ago

stephank commented 4 years ago

Not sure how long this link lasts: https://github.com/portier/portier-broker/commit/4dbe08dfe176b2f10755f22e6a2ba25e11bd9258/checks?check_suite_id=417536094

Previous runs all succeeded, so maybe the cargo-audit output changed? I'm looking at the JSON, and think this no longer holds true: https://github.com/actions-rs/audit-check/blob/18b7af78f9d051ed94ff7a04b7aa97d357bfe005/src/interfaces.ts#L5

(Or maybe even Vulnerability itself has changed, I don't know.)

The warning object in the output looks like:

{
  "kind": {
    "unmaintained": {
      "advisory": {
        "id": "RUSTSEC-2019-0031",
        "package": "spin",
        "date": "2019-11-21",
        "aliases": [],
        "references": [],
        "collection": "crates",
        "categories": [],
        "keywords": [],
        "cvss": null,
        "informational": "unmaintained",
        "obsolete": false,
        "url": "https://github.com/mvdnes/spin-rs/commit/7516c80",
        "title": "spin is no longer actively maintained",
        "description": "The author of the `spin` crate does not have time or interest to maintain it.\n\nConsider the following alternatives (both of which support `no_std`):\n\n- [`conquer-once`](https://github.com/oliver-giersch/conquer-once)\n- [`lock_api`](https://crates.io/crates/lock_api) (a subproject of `parking_lot`)\n",
        "patched_versions": [],
        "unaffected_versions": []
      },
      "versions": {
        "patched": [],
        "unaffected": [
          "> 0.5.2"
        ]
      }
    }
  },
  "package": {
    "name": "spin",
    "version": "0.5.2",
    "source": "registry+https://github.com/rust-lang/crates.io-index",
    "checksum": "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d",
    "replace": null
  }
}

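
A defensive normaliser for the warning shape quoted above, added here as an example and not code from the action itself: it reads the nested `kind.<variant>.advisory` layout and fails with a descriptive error instead of a bare TypeError when the layout is not recognised. The flat `{ advisory, package }` layout it also accepts is an assumption about the pre-change cargo-audit output, and the sample input is constructed from the JSON in this issue.

```typescript
// Added example, not the action's own code: normalise one cargo-audit warning into a
// flat shape. Handles the nested layout quoted in this issue ({ kind: { <variant>:
// { advisory, versions } }, package }) and, as an ASSUMED pre-change layout, a flat
// { advisory, package }; anything else raises a descriptive error, not a TypeError.
type Obj = Record<string, unknown>;
interface NormalizedWarning {
  variant: string; advisoryId: string | null; title: string | null;
  packageName: string; packageVersion: string;
}
const isObj = (v: unknown): v is Obj => typeof v === "object" && v !== null && !Array.isArray(v);
const str = (v: unknown): string | null => (typeof v === "string" ? v : null);

function normalizeWarning(raw: unknown): NormalizedWarning {
  if (!isObj(raw)) throw new Error("warning is not an object");
  const pkg = raw.package;
  if (!isObj(pkg)) throw new Error("warning has no package object");
  const kind = raw.kind;
  const flat = raw.advisory;
  let variant: string;
  let advisory: Obj | null = null;
  if (isObj(kind)) {
    // New layout: a single variant key (e.g. "unmaintained") wraps the advisory.
    const keys = Object.keys(kind);
    if (keys.length !== 1) throw new Error(`unexpected kind variants: ${keys.join(",")}`);
    variant = keys[0];
    const inner = kind[variant];
    const innerAdv = isObj(inner) ? inner.advisory : undefined;
    if (isObj(innerAdv)) advisory = innerAdv;
  } else if (isObj(flat)) {
    // Assumed old layout: the advisory sits directly on the warning.
    advisory = flat;
    variant = str(flat.informational) ?? "unknown";
  } else {
    throw new Error(`unrecognised warning layout: keys ${Object.keys(raw).join(",")}`);
  }
  return {
    variant,
    advisoryId: advisory ? str(advisory.id) : null,
    title: advisory ? str(advisory.title) : null,
    packageName: str(pkg.name) ?? "",
    packageVersion: str(pkg.version) ?? "",
  };
}
// Constructed sample: the warning quoted in this issue, trimmed to the fields used above.
const SAMPLE_NEW_LAYOUT = {
  kind: { unmaintained: { advisory: { id: "RUSTSEC-2019-0031", package: "spin",
    informational: "unmaintained", title: "spin is no longer actively maintained" },
    versions: { patched: [], unaffected: ["> 0.5.2"] } } },
  package: { name: "spin", version: "0.5.2" },
};
```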
svartalf commented 4 years ago

Oh, thank you for the heads up! This needs to be fixed asap

alex commented 4 years ago

This was almost certainly caused by the cargo-audit release yesterday.

svartalf commented 4 years ago

Follow up: I managed to write a fix in 86207092bb0e2cae0ca905448175b6a391ab512c. It is merged into the master branch already, but was not published yet, as I'm planning to do a bit more testing. If you want to, you can join the testing too by switching actions-rs/audit-check@v1 to actions-rs/audit-check@master in your workflow file temporarily.

stephank commented 4 years ago

The last run (using master) seems to have gone well for our repo: https://github.com/portier/portier-broker/runs/409930518

svartalf commented 4 years ago

Alright, it is finally released as a new v1 action, thank you for the bug report!

@stephank, please, do not forget to switch back from @master to @v1 version :)