From bfa9e12685fafe5a1df78ab4550eb1e8c07db67f Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Thu, 1 Oct 2020 08:19:41 -0700 Subject: [PATCH] Add `rustsec` crate advisory for breaking changes to advisory format (#415) In theory this advisory should trigger this feature of `cargo-audit` which checks for advisories filed against the `rustsec` crate: https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199 After merging, I will test with an older `cargo-audit` version to see if it has the intended effect. --- README.md | 2 +- crates/rustsec/RUSTSEC-0000-0000.toml | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 crates/rustsec/RUSTSEC-0000-0000.toml diff --git a/README.md b/README.md index a721662..5aedf4c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # RustSec Advisory Database [![Build Status][build-image]][build-link] -![Maintained: Q3 2020][maintained-image] +![Maintained: Q4 2020][maintained-image] [![Gitter Chat][gitter-image]][gitter-link] The RustSec Advisory Database is a repository of security advisories filed diff --git a/crates/rustsec/RUSTSEC-0000-0000.toml b/crates/rustsec/RUSTSEC-0000-0000.toml new file mode 100644 index 0000000..0e32667 --- /dev/null +++ b/crates/rustsec/RUSTSEC-0000-0000.toml @@ -0,0 +1,20 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "rustsec" +title = "Obsolete versions of the `rustsec` crate do not support the new V3 advisory format" +date = "2020-10-01" +url = "https://github.com/RustSec/advisory-db/issues/414" +description = """ +If you are seeing this message, you are running an obsolete version of +`cargo-audit` which does not support the new V3 advisory format. +These versions are end-of-life. + +This advisory is a notice that that it will soon be unable to parse the +advisory database. + +Please upgrade `cargo-audit` to a newer release. +""" + +[versions] +unaffected = [">= 0.19.0"] +patched = []