Skip to content

build_container: install at least cargo-audit 0.22#144

Merged
stsquad merged 1 commit intorust-vmm:mainfrom
stefano-garzarella:fix-cargo-audit
Dec 24, 2025
Merged

build_container: install at least cargo-audit 0.22#144
stsquad merged 1 commit intorust-vmm:mainfrom
stefano-garzarella:fix-cargo-audit

Conversation

@stefano-garzarella
Copy link
Member

@stefano-garzarella stefano-garzarella commented Dec 23, 2025

Summary of the PR

cargo-audit 0.22 is the first version that can parse cvss 4.0 scores and avoid the following error in our pipelines:
$ cargo audit -q --deny warnings
error: error loading advisory database: parse error: TOML parse error at line 8, column 8
|
8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
unsupported CVSS version: 4.0

Requirements

Before submitting your PR, please make sure you addressed the following
requirements:

  • All commits in this PR have Signed-Off-By trailers (with
    git commit -s), and the commit message has max 60 characters for the
    summary and max 75 characters for each description line.
  • All added/changed functionality has a corresponding unit/integration
    test.
  • All added/changed public-facing functionality has entries in the "Upcoming
    Release" section of CHANGELOG.md (if no such section exists, please create one).
  • Any newly added unsafe code is properly documented.

@stefano-garzarella stefano-garzarella mentioned this pull request Dec 23, 2025
Open
4 tasks
RuoqingHe
RuoqingHe previously approved these changes Dec 23, 2025
View reviewed changes
Copy link
Member

@RuoqingHe RuoqingHe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks for fixing this ❤️

@stefano-garzarella stefano-garzarella mentioned this pull request Dec 23, 2025
Merged
3 tasks
@stefano-garzarella
build_container: install at least cargo-audit 0.22
d7356b2 
cargo-audit 0.22 is the first version that can parse cvss 4.0 scores
and avoid the following error in our pipelines:
  $ cargo audit -q --deny warnings
  error: error loading advisory database: parse error: TOML parse error at line 8, column 8
    |
  8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
    |        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  unsupported CVSS version: 4.0

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
@stsquad stsquad merged commit a87ad68 into rust-vmm:main Dec 24, 2025
4 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stsquad stsquad stsquad approved these changes

@RuoqingHe RuoqingHe RuoqingHe approved these changes

@andreeaflorescu andreeaflorescu Awaiting requested review from andreeaflorescu andreeaflorescu is a code owner

@lauralt lauralt Awaiting requested review from lauralt lauralt is a code owner

@roypat roypat Awaiting requested review from roypat roypat is a code owner

@ShadowCurse ShadowCurse Awaiting requested review from ShadowCurse ShadowCurse is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stefano-garzarella @stsquad @RuoqingHe

Comments