Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

Scheduled run with warning: "Cannot read property 'id' of undefined" #70

Closed
stephank opened this issue Jan 24, 2020 · 5 comments
Closed

Scheduled run with warning: "Cannot read property 'id' of undefined" #70

stephank opened this issue Jan 24, 2020 · 5 comments

Comments

@stephank
Copy link

Not sure how long this link lasts: https://github.com/portier/portier-broker/commit/4dbe08dfe176b2f10755f22e6a2ba25e11bd9258/checks?check_suite_id=417536094

Previous runs all succeeded, so maybe the cargo-audit output changed? I'm looking at the JSON, and think this no longer holds true:

audit-check/src/interfaces.ts

Line 5 in 18b7af7

warnings: Vulnerability[];

(Or maybe even Vulnerability itself has changed, I don't know.)

The warning object in the output looks like:

{
  "kind": {
    "unmaintained": {
      "advisory": {
        "id": "RUSTSEC-2019-0031",
        "package": "spin",
        "date": "2019-11-21",
        "aliases": [],
        "references": [],
        "collection": "crates",
        "categories": [],
        "keywords": [],
        "cvss": null,
        "informational": "unmaintained",
        "obsolete": false,
        "url": "https://github.com/mvdnes/spin-rs/commit/7516c80",
        "title": "spin is no longer actively maintained",
        "description": "The author of the `spin` crate does not have time or interest to maintain it.\n\nConsider the following alternatives (both of which support `no_std`):\n\n- [`conquer-once`](https://github.com/oliver-giersch/conquer-once)\n- [`lock_api`](https://crates.io/crates/lock_api) (a subproject of `parking_lot`)\n",
        "patched_versions": [],
        "unaffected_versions": []
      },
      "versions": {
        "patched": [],
        "unaffected": [
          "> 0.5.2"
        ]
      }
    }
  },
  "package": {
    "name": "spin",
    "version": "0.5.2",
    "source": "registry+https://github.com/rust-lang/crates.io-index",
    "checksum": "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d",
    "replace": null
  }
}
@svartalf
Copy link
Member

Oh, thank you for the heads up! This needs to be fixed asap

@alex
Copy link

alex commented Jan 24, 2020

This was almost certainly caused by the cargo-audit release yesterday.

@svartalf
Copy link
Member

Follow up: I managed to write a fix in 8620709, it is merged into master branch already, but was not published yet, as I'm planning to do a bit more testing.
If you want to, you can join the testing too by switching actions-rs/audit-check@v1 to actions-rs/audit-check@master in your workflow file temporary.

@stephank
Copy link
Author

The last run (using master) seems to have gone well for our repo: https://github.com/portier/portier-broker/runs/409930518

@nanne007 nanne007 mentioned this issue Jan 30, 2020
Closed
@Arzte Arzte mentioned this issue Jan 31, 2020
Closed
@svartalf
Copy link
Member

svartalf commented Feb 1, 2020

Alright, it is finally released as a new v1 action, thank you for a bug report!

@stephank, please, do not forget to switch back from @master to @v1 version :)

@svartalf svartalf closed this as completed Feb 1, 2020
@svartalf svartalf mentioned this issue May 15, 2020
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alex @stephank @svartalf