Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local path dependencies trigger advisory warnings for crates of the same name #486

Closed
djc opened this issue Nov 28, 2022 · 1 comment
Closed

Local path dependencies trigger advisory warnings for crates of the same name #486

djc opened this issue Nov 28, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@djc
Copy link

djc commented Nov 28, 2022

Describe the bug
In opentelemetry we have an example crate called http, which is sitting at version 0.1.0. It recently started triggering the advisory check for RUSTSEC-2019-0033 and RUSTSEC-2019-0034 even though it is a completely different crate (just sharing the same name).

To Reproduce
Steps to reproduce the behavior:

  1. Create example crate with same name/version as a crate that has a vulnerability

Expected behavior
Would expect to get no warnings/errors in this case.

Screenshots
Screenshot 2022-11-28 at 10 07 43
@djc djc added the bug Something isn't working label Nov 28, 2022
@Jake-Shadle
Copy link
Member

Duplicate of #446

@Jake-Shadle Jake-Shadle marked this as a duplicate of #446 Nov 28, 2022
djc added a commit to open-telemetry/opentelemetry-rust that referenced this issue Nov 28, 2022
@djc
Change example crate name to avoid conflict with existing http crate
3e446e4 
This could result in false positives from cargo deny:

EmbarkStudios/cargo-deny#486
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djc @Jake-Shadle