Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/mozilla/cargo-vet

supply-chain security for Rust
https://github.com/mozilla/cargo-vet

Bump libc from 0.2.146 to 0.2.148

dependabot[bot] opened this pull request over 1 year ago
How to flag unmaintained, deprecated, or unsound?

kornelski opened this issue over 1 year ago
Bump toml from 0.5.9 to 0.7.8

dependabot[bot] opened this pull request over 1 year ago
Bump chrono from 0.4.23 to 0.4.30

dependabot[bot] opened this pull request over 1 year ago
Bump toml_edit from 0.14.4 to 0.19.15

dependabot[bot] opened this pull request over 1 year ago
Bump toml from 0.5.9 to 0.7.7

dependabot[bot] opened this pull request over 1 year ago
Bump chrono from 0.4.23 to 0.4.29

dependabot[bot] opened this pull request over 1 year ago
exclude inactive optional dependencies #537

TitanNano opened this pull request over 1 year ago
FYI: cargo-crev export tool

kornelski opened this issue over 1 year ago
Bump chrono from 0.4.23 to 0.4.28

dependabot[bot] opened this pull request over 1 year ago
Bump chrono from 0.4.23 to 0.4.27

dependabot[bot] opened this pull request over 1 year ago
Optional dependencies

cemoktra opened this issue over 1 year ago
Bump tempfile from 3.3.0 to 3.8.0

dependabot[bot] opened this pull request over 1 year ago
Explicit transitively importing audits

Nemo157 opened this issue over 1 year ago
Bump tempfile from 3.3.0 to 3.7.1

dependabot[bot] opened this pull request over 1 year ago
Bump indicatif from 0.17.0 to 0.17.6

dependabot[bot] opened this pull request over 1 year ago
Consider giving detail about diff audit suggestions based on imports/wildcards/trusted entries

afranchuk opened this issue over 1 year ago
Bump toml_edit from 0.14.4 to 0.19.14

dependabot[bot] opened this pull request over 1 year ago
Bump futures-util from 0.3.21 to 0.3.28

dependabot[bot] opened this pull request over 1 year ago
Bump libc from 0.2.146 to 0.2.147

dependabot[bot] opened this pull request over 1 year ago
Bump base64-stream from 1.2.7 to 2.0.0

dependabot[bot] opened this pull request over 1 year ago
Bump toml from 0.5.9 to 0.7.6

dependabot[bot] opened this pull request over 1 year ago
Bump tempfile from 3.3.0 to 3.7.0

dependabot[bot] opened this pull request over 1 year ago
Bump chrono from 0.4.23 to 0.4.26

dependabot[bot] opened this pull request over 1 year ago
Bump tracing from 0.1.35 to 0.1.37

dependabot[bot] opened this pull request over 1 year ago
Bump similar from 2.2.0 to 2.2.1

dependabot[bot] opened this pull request over 1 year ago
Bump indicatif from 0.17.0 to 0.17.5

dependabot[bot] opened this pull request over 1 year ago
Specify the number of chars to show with "git diff".

jfgoog opened this pull request over 1 year ago
Add an importable flag to audits

mystor opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.19

dependabot[bot] opened this pull request over 1 year ago
Bump thiserror from 1.0.40 to 1.0.44

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.17

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.16

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.15

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.12

dependabot[bot] opened this pull request over 1 year ago
Bump miette from 5.9.0 to 5.10.0

dependabot[bot] opened this pull request over 1 year ago
Metadata cache invalidation issue for unpublished crate

mystor opened this issue over 1 year ago
Bump thiserror from 1.0.40 to 1.0.43

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.11

dependabot[bot] opened this pull request over 1 year ago
Bump thiserror from 1.0.40 to 1.0.41

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.10

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.9

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.8

dependabot[bot] opened this pull request over 1 year ago
Bump serde from 1.0.137 to 1.0.164

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 4.3.5

dependabot[bot] opened this pull request over 1 year ago
Update miette to 5.9.0

mystor opened this pull request over 1 year ago
Fix trust test to use MockRegistryBuilder

mystor opened this pull request over 1 year ago
Suggest git audit failures in two stages

mystor opened this pull request over 1 year ago
Improve handling of trust --all

mystor opened this pull request over 1 year ago
cargo vet trust --all papercuts

bholley opened this issue over 1 year ago
Fix URL when using crates.io index when package name contains uppercase

nbdd0121 opened this pull request over 1 year ago
Audit unpublished audit-as-crates-io crates as a published version

mystor opened this pull request over 1 year ago
Support crates.io installs using the http crates.io registry

mystor opened this pull request over 1 year ago
Better behavior for not-yet-published audit-as-crates-io crates

bholley opened this issue over 1 year ago
Regenerating imports while not connected to the internet

Guswall opened this issue over 1 year ago
Override Global Default Policies

Folling opened this issue over 1 year ago
Remove violations when pruning if no crates in the graph match the violation crate

afranchuk opened this pull request over 1 year ago
Local `cargo vet diff` should ignore `target` directory

afranchuk opened this issue over 1 year ago
Have `cargo vet prune` remove old redundant policy fields

repi opened this issue over 1 year ago
Workflow for replacing trusted publisher with imported audit?

repi opened this issue over 1 year ago
cargo-vet on riscv64 platform

kush930 opened this issue over 1 year ago
Built-in support for multiple Rust workspaces in same repo

repi opened this issue over 1 year ago
Violations should not appear in imports.lock if the crate is not used

bholley opened this issue over 1 year ago
Configurable default review name & email

repi opened this issue over 1 year ago
Publish pre-built binaries of cargo-vet

repi opened this issue over 1 year ago
Filter out missing information in `get_publishers`

mystor opened this pull request over 1 year ago
Add documentation of the `trust` command and configuration.

afranchuk opened this pull request over 1 year ago
`suggest` cmd can suggest same crate+version multiple times

repi opened this issue over 1 year ago
Import additional registries

repi opened this pull request over 1 year ago
Simplify command for showing crate dependencies

bkrl opened this pull request over 1 year ago
Bump console from 0.15.0 to 0.15.7

dependabot[bot] opened this pull request over 1 year ago
Add description of policy table keys and stipulations around `dependency-criteria`

afranchuk opened this pull request over 1 year ago
Rework the caching in crates.io metadata retrieval.

afranchuk opened this pull request over 1 year ago
Support for sparse indexes/registries

mikhasd opened this issue over 1 year ago
Bump console from 0.15.0 to 0.15.6

dependabot[bot] opened this pull request over 1 year ago
Add the `renew` subcommand and a warning for expiring wildcard audits.

afranchuk opened this pull request over 1 year ago
Audit-as-crates-io detection needs some work

bholley opened this issue over 1 year ago
Bump tracing-subscriber from 0.3.11 to 0.3.17

dependabot[bot] opened this pull request over 1 year ago
Add --store-path to CLI to specify supply-chain directory.

jfgoog opened this pull request over 1 year ago
Use crate metadata to consider whether audit-as-crates-io should be set for a crate.

afranchuk opened this pull request over 1 year ago
Show full publisher name when displaying trust hints

bholley opened this pull request over 1 year ago
Support trusted entries in `cargo vet aggregate`

bholley opened this pull request over 1 year ago
Potential sparse registry issues

bholley opened this issue over 1 year ago
Introduce nagging mechanism to update wildcard audit expiration

bholley opened this issue over 1 year ago
Avoid audit-as-crates-io errors when upstream publishes a new version

bholley opened this issue over 1 year ago
Bump clap from 3.2.6 to 3.2.25

dependabot[bot] opened this pull request over 1 year ago
Bump clap from 3.2.6 to 3.2.24

dependabot[bot] opened this pull request over 1 year ago
Trusted Crates Implementation

mystor opened this pull request over 1 year ago
Implement Trusted Crate Suggestions

mystor opened this issue almost 2 years ago
Implement local support for Trusted Crates

mystor opened this issue almost 2 years ago
RFC: Trusted Crates

bholley opened this issue almost 2 years ago
Bump miette from 5.1.0 to 5.8.0

dependabot[bot] opened this pull request almost 2 years ago
Bump filetime from 0.2.16 to 0.2.21

dependabot[bot] opened this pull request almost 2 years ago
Add google's aggregated audits to the registry

bholley opened this pull request almost 2 years ago
Prompt the exact `cargo vet certify` command after `cargo vet diff`

afranchuk opened this issue almost 2 years ago
Bump miette from 5.1.0 to 5.7.0

dependabot[bot] opened this pull request almost 2 years ago
Tooling for bisecting crate versions to find violation ranges

djkoloski opened this issue almost 2 years ago
Replace "chromeos" entry with combined "google" entry.

bholley opened this pull request almost 2 years ago
Stop validating imports.lock when not --locked

mystor opened this pull request almost 2 years ago
Digests of reviewed versions, digital signatures

arnohaase opened this issue almost 2 years ago