-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Check for advisories doesn't seem to work on 0.14.19 #641
Comments
Can you confirm that older versions still work? I'm unable to repro this so feels like a client side issue (behind proxy or something?). |
0.14.14 working ok for me. A colleague running 0.14.19 is seeing this same issue |
..after upgrading it fails for me as well. I'm not behind any vpn or proxy: 2024-03-22 15:15:13 [INFO] gathered 346 crates in 449ms
2024-03-22 15:15:13 [ERROR] failed to fetch advisory database https://github.com/rustsec/advisory-db: failed to prepare fetch: An IO error occurred when talking to the server: error sending request for url (https://github.com/rustsec/advisory-db/info/refs?service=git-upload-pack) |
using 0.14.19 shows that issue. Compiling from current head 621ff39 seems to work just fine 🤷 |
That does not make sense, there was no change between them that would affect this. |
It is a little bit weird guys: on my laptop running archlinux it works perfectly; instead when I try to build with the official rust docker image 1.7.0-slim-bookworm I got the issue. |
I know it still sounds weird(er), but if I install version 0.14.19: cargo install cargo-deny --version 0.14.19 --force and do a If I build from source on commit |
I could reproduce the issue (both with cargo deny and cargo audit), I 'm investigating. |
I can repro this, I believe I know what is happening. |
The issue is that gix-transport 0.41.3, or one of the updated dependencies it uses, has a bug. Again, the recommended way to install cargo-deny, as stated in the README, is to use |
Thank you, @Jake-Shadle for the quick response and fix, I've followed through and it was quite the rabbit hole. I can confirm |
It works for me |
Describe the bug
After having installed the latest version of
cargo-deny
(0.14.19
) and runningcargo deny check advisories
in a Rust workspace, I'm met with the following error:I'm not sure what the problem is since I can download the file with
curl
:The used
db-urls
indeny.toml
is the same as in the book.I get the same issue when using the
deny.toml
from this repository as well:https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.toml
I've encountered this problem while using both
Ubuntu 22.04
(as OS) and inside arust:1.76-slim
docker container.To reproduce
cargo-deny
:cargo install --version 0.14.19 cargo-deny
deny.toml
. You can grab an example from here: https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.tomlcargo deny check advisories
cargo-deny version
cargo-deny 0.14.19
What OS were you running cargo-deny on?
Linux
Additional context
No response
The text was updated successfully, but these errors were encountered: