Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to flag unmaintained, deprecated, or unsound? #547

Open
kornelski opened this issue Sep 13, 2023 · 1 comment
Open

How to flag unmaintained, deprecated, or unsound? #547

kornelski opened this issue Sep 13, 2023 · 1 comment

Comments

@kornelski
Copy link
Member

The docs have no guidance on how to flag dependencies as needing fixes/replacement, but not stop-the-release urgently. A violation with any of the built-in criteria would be too disruptive.

How to flag low-severity vulnerabilities or unsoundness?

I'm not sure how to name custom criteria for use with with violation. They're negated, so an unmaintained crate would be a violation and maintained criteria?

Maybe cargo-vet could have a dedicated support for warnings?
@bholley
Copy link
Collaborator

bholley commented Sep 14, 2023

There's some discussion related to this in #446.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kornelski @bholley