EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀

Home Page:http://embark.rs

Bug: Check for advisories doesn't seem to work on 0.14.19

mihaelTBTL opened this issue · comments

Describe the bug

After having installed the latest version of cargo-deny (0.14.19) and running cargo deny check advisories in a Rust workspace, I'm met with the following error:

[ERROR] failed to fetch advisory database https://github.com/rustsec/advisory-db: An IO error occurred when talking to the server: error sending request for url (https://github.com/rustsec/advisory-db/info/refs?service=git-upload-pack): client error (Connect)

I'm not sure what the problem is since I can download the file with curl:

curl https://github.com/rustsec/advisory-db/info/refs?service=git-upload-pack --output foo

The db-urls used in deny.toml are the same as in the book.
I get the same issue when using the deny.toml from this repository as well:
https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.toml

I've encountered this problem while using both Ubuntu 22.04 (as OS) and inside a rust:1.76-slim docker container.

To reproduce

  1. Install the latest version of cargo-deny:
    cargo install --version 0.14.19 cargo-deny
  2. Position yourself inside a Rust project with a deny.toml. You can grab an example from here: https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.toml
  3. Run:
    cargo deny check advisories

cargo-deny version

cargo-deny 0.14.19

What OS were you running cargo-deny on?

Linux

Additional context

No response

Can you confirm that older versions still work? I'm unable to repro this, so it feels like a client-side issue (behind a proxy or something?).

0.14.14 working ok for me. A colleague running 0.14.19 is seeing this same issue

...after upgrading it fails for me as well. I'm not behind any VPN or proxy:

2024-03-22 15:15:13 [INFO] gathered 346 crates in 449ms
2024-03-22 15:15:13 [ERROR] failed to fetch advisory database https://github.com/rustsec/advisory-db: failed to prepare fetch: An IO error occurred when talking to the server: error sending request for url (https://github.com/rustsec/advisory-db/info/refs?service=git-upload-pack)

using 0.14.19 shows that issue. Compiling from current head 621ff39 seems to work just fine 🤷

That does not make sense, there was no change between them that would affect this.

It is a little bit weird, guys: on my laptop running Arch Linux it works perfectly, whereas when I try to build with the official rust Docker image 1.7.0-slim-bookworm I get the issue.
Version 0.14.18 works on 1.7.0-slim-bookworm.

I know it still sounds weird(er), but if I install version 0.14.19:

cargo install cargo-deny --version 0.14.19 --force 

and do a cargo deny check, I see the same error every single time.

If I build from source on commit c16388b (tag: 0.14.19) then it works fine for me both building in release and non-release modes.

I could reproduce the issue (both with cargo deny and cargo audit), I'm investigating.

I can repro this, I believe I know what is happening.

The issue is that gix-transport 0.41.3, or one of the updated dependencies it uses, has a bug. Again, the recommended way to install cargo-deny, as stated in the README, is to use --locked when running cargo install, as otherwise bugs or semver breakages which are not tested in CI can occur.

Thank you, @Jake-Shadle for the quick response and fix, I've followed through and it was quite the rabbit hole. I can confirm cargo-deny 0.14.20 works, though I think I will move to installing cargo-deny with --lock into the image.
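The practical takeaway from this thread is the install line itself: without `--locked`, `cargo install` re-resolves cargo-deny's dependency graph at build time and can pull in an untested release (here, a gix-transport 0.41.3 dependency with a bug); with `--locked`, the `Cargo.lock` shipped in the published crate is honoured and you get the exact dependency set the release was tested against. The Dockerfile below is an added example, not part of this issue or of the cargo-deny project; the `rust:1.76-slim` base image and the `0.14.20` version are the ones mentioned in the thread, everything else (the `/workspace` path, the `deny.toml` copy) is an assumption for illustration.

```dockerfile
# Added example: pinning cargo-deny in a CI image so the advisory check
# runs against a reproducible dependency set.
FROM rust:1.76-slim

# Weak setting: a floating version and no --locked. Cargo resolves the
# newest semver-compatible dependencies at build time, so the binary you
# get today may differ from the one the maintainers tested, which is how
# the gix-transport breakage in this thread reached users.
#   RUN cargo install cargo-deny

# Corrected setting: pin the cargo-deny release and use --locked so the
# Cargo.lock published with that release is used verbatim. The image now
# builds the same cargo-deny (and the same gix-transport) every time.
RUN cargo install --locked --version 0.14.20 cargo-deny \
    && cargo deny --version

# Assumed layout: the project (with its deny.toml) is copied into /workspace.
WORKDIR /workspace
COPY . .

# Run the check that failed in the report. Exit code is non-zero on
# advisories or on a fetch failure, so CI fails loudly either way.
CMD ["cargo", "deny", "check", "advisories"]
```

If you need a fixed base image as well, pin it by digest (`rust:1.76-slim@sha256:...`, with the digest taken from your registry) rather than by tag; a tag like `1.76-slim` can be re-pushed, and the `--locked` flag only pins cargo-deny's own dependency graph, not the toolchain beneath it.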

  1. clear the allow scope in deny.toml
  2. run cargo deny check, it will fail.
  3. fill licenses in the allow scope again.
  4. it works.

It works for me