do people care that the Cargo audit CI job is fail...
# developmentp
polite-garden-50641
12/20/2021, 8:29 PMdo people care that the Cargo audit CI job is failing (and has been for a while now) due to packages w/ security issues? https://github.com/pantsbuild/pants/runs/4579909153?check_suite_focus=true
h
hundreds-father-404
12/20/2021, 8:37 PMYes, we are supposed to care. I wasn't getting notifications and not sure if anyone else was either
f
fast-nail-55400
12/20/2021, 8:37 PMI do, but I need to figure out what to do with warnings like this one:
Copy code
Crate: anymap
Version: 0.12.1
Warning: unmaintainedfast-nail-55400
12/20/2021, 8:37 PMlike do I need to replace the deps that use anymap?
fast-nail-55400
12/20/2021, 8:37 PMso I’ll fix once I’ve figured out what to do with such messages
fast-nail-55400
12/20/2021, 8:38 PMby triaging what deps are actually using those underlying crates
fast-nail-55400
12/20/2021, 8:38 PMit’s not just a simple upgrade and done
h
hundreds-father-404
12/20/2021, 8:43 PMHm yeah..maybe we should ignore them?
f
fast-nail-55400
12/20/2021, 8:45 PMI’m triaging tonight. will figure out what to do with each.
e
enough-analyst-54434
12/20/2021, 9:54 PMI bumped into the same long red and did some of this work here: https://github.com/pantsbuild/pants/pull/13728
I punted on all these ~unfixable ones too though.