Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only show update message if it will fix the issue #607

Open
Jake-Shadle opened this issue Feb 21, 2024 · 0 comments
Open

Only show update message if it will fix the issue #607

Jake-Shadle opened this issue Feb 21, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@Jake-Shadle
Copy link
Member

If an advisory has a patched version, or a crate is yanked, we emit a "... (try cargo update -p <package_name>)", the problem is that we don't actually do any checking to see if performing that action will fix the issue.

  • A version can be yanked without a semver compatible upgrade (or downgrade) (eg. Allowing a yanked crate #579)
  • The patched version in the advisory could be unselectable due to the current version constraints in the dependency graph

We already have the registry metadata for every crate in the graph, so it's possible to put in a little more effort here and either show that message if could fix the issue, or else give a more detailed message about why a simple update won't actually work.
@Jake-Shadle Jake-Shadle added the enhancement New feature or request label Feb 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Jake-Shadle