Improve output for RustSec advisories #288
Comments
If possible, I'd like to take this one 😄 Just had a question before I get to work: where should new output lines be located?
Thanks! That does look quite good, but a bit hard to say what is the best :) Maybe have it indented somewhat also? Not sure
Alright, my development version is now reporting URL (I removed
Would be great to get some comments regarding how this looks, I'll open up a draft PR shortly so that changes can also be commented there.
While exploring For reference, this is how
Wouldn't adding a "Patched Versions" line simply repeat all available versions already being listed by iterating over
This is how cargo-audit outputs when it detects a security vulnerability:

compared to current cargo-deny:

They are both quite good and both have their pros and cons.
The cargo-deny one can be somewhat verbose, but depends on how the description of the RustSec issue was. In the above example it was just technical implementation details which is likely less useful in the context directly from cargo-deny, but believe other issues are more clear there.
What I am missing though is the link, to be able to include in PRs/commits and to check if there is more info there directly: https://rustsec.org/advisories/RUSTSEC-2020-0041. In the cargo-deny output I have to copy'n'paste out the id and then web search for it.
I also like that both the RustSec website and cargo-audit spell out "Patched Versions: None!" and "Solution: No safe upgrade is available!" respectively.
Think we should add both the "Solution" (even if one is missing) and the full URL to the RustSec page in the cargo-deny output also.