Open asomers opened 3 months ago
Can you try v0.20.1?
Edit: oops, didn't mean to close
Negative @tarcieri . It still crashes for me.
Can you expound on this:
But this problem is only reproducible when cargo-audit is built in a way that honors the Cargo.lock file. Doing a cargo install ignores Cargo.lock, and the resulting binary works
Can you expound on this:
But this problem is only reproducible when cargo-audit is built in a way that honors the Cargo.lock file. Doing a cargo install ignores Cargo.lock, and the resulting binary works
It's my understanding that "cargo install" ignores the Cargo.lock file. But even if my understanding is incorrect, what's indisputable is that doing cargo install cargo-audit; cargo audit
works, while doing cargo run
from the rustsec/cargo-audit directory crashes.
So cargo install
worked for v0.20.0, works for v0.20.1, but this bug arises with cargo install --locked
for either v0.20.0 or v0.20.1?
Must be a bug in a dependency which didn't get upgraded in Cargo.lock between versions, then.
Actually, it _doeswork with cargo install --locked
, oddly enough. But it fails with cargo run
, and it fails for the package built by the FreeBSD ports system.
cargo-audit 0.20.0 crashes when run on the master branch of the Nix repository. The problem seems to be that the master branch uses a git dependency, and specifies a git branch rather than a revision. But this problem is only reproducible when cargo-audit is built in a way that honors the Cargo.lock file. Doing a
cargo install
ignores Cargo.lock, and the resulting binary works. Both 0.20.0 and the main branch are affected. Both rust nightly and rust 1.77.0 are affected, though the 0.20.0 branch doesn't compile with rust nightly.Steps to reproduce: