Can't ignore unmaintained crates?
emilk opened this issue Β· comments
Describe the bug
I'm trying to ignore the fact that a crate is unmaintained, but I don't know how.
Is the ignore field only for yanked crates? If so, how do I ignore unmaintained crates?
To reproduce
This is what I tried:
[advisories]
version = 2
ignore = [
"safemem",
"safemem@0.3.3",
]Resulting in:
error[unmaintained]: safemem is unmaintained
ββ Cargo.lock:497:1
β
497 β safemem 0.3.3 registry+https://github.com/rust-lang/crates.io-index
β ------------------------------------------------------------------- unmaintained advisory detected
β
= ID: RUSTSEC-2023-0081
= Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0081
= The latest crates.io release was in 2019. The repository has been archived by the author.
β¦
= Announcement: https://github.com/abonander/safemem
= Solution: No safe upgrade is available!
= safemem v0.3.3
βββ base64 v0.9.3
βββ wasm-bindgen-cli-support v0.2.90
βββ cargo-run-wasm v0.3.2
β βββ run_wasm v0.16.0-alpha.1+dev
βββ re_dev_tools v0.16.0-alpha.1+dev
warning[yanked-not-detected]: yanked crate was not encountered
ββ /Users/emilk/code/rerun/rerun/deny.toml:34:4
β
34 β "safemem@0.3.3",
β ^^^^^^^^^^^^^ yanked crate not detected
warning[yanked-not-detected]: yanked crate was not encountered
ββ /Users/emilk/code/rerun/rerun/deny.toml:33:4
β
33 β "safemem",
β ^^^^^^^ yanked crate not detected
advisories FAILED, bans ok, licenses ok, sources ok
cargo-deny version
cargo-deny 0.14.21
What OS were you running cargo-deny on?
MacOS
Additional context
No response
The ignore field is for yanked crates or advisories, in the case of unmaintained crates you use the advisory for it, but I can see how using the crate spec would also make sense.
Ah that makes sense - thanks. Ignoring "RUSTSEC-2023-0081" works as expected.
Feel free to close this.