Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check-advisories Github Action fails due to unmaintained instant crate. #16477

Open
andriyDev opened this issue Nov 22, 2024 · 3 comments
Open

check-advisories Github Action fails due to unmaintained instant crate. #16477

andriyDev opened this issue Nov 22, 2024 · 3 comments
Labels
A-Build-System Related to build systems or continuous integration C-Bug An unexpected or incorrect behavior C-Dependencies A change to the crates that Bevy depends on D-Trivial Nice and easy! A great choice to get started with Bevy S-Blocked This cannot move forward until something else changes

Comments

@andriyDev
Copy link
Contributor

Bevy version

6741e01

What you did

  • Ran cargo deny check advisories (same thing as the Github Action).

What went wrong

error[unmaintained]: `instant` is unmaintained
    ┌─ E:\Content\bevy/Cargo.lock:293:1
    │
293 │ instant 0.1.13 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2024-0384
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0384
    ├ This crate is no longer maintained, and the author recommends using the maintained [`web-time`] crate instead.

      [`web-time`]: https://crates.io/crates/web-time
    ├ Solution: No safe upgrade is available!
    ├ instant v0.1.13
      └── notify-types v1.0.0
          ├── notify v7.0.0
          │   └── notify-debouncer-full v0.4.0
          │       └── bevy_asset v0.15.0-dev
          │           ├── bevy_animation v0.15.0-dev
          │           │   ├── bevy_gltf v0.15.0-dev
          │           │   │   └── bevy_internal v0.15.0-dev
          │           │   │       ├── bevy v0.15.0-dev
          │           │   │       └── bevy_dylib v0.15.0-dev
          │           │   │           └── bevy v0.15.0-dev (*)
          │           │   └── bevy_internal v0.15.0-dev (*)
          │           ├── bevy_audio v0.15.0-dev
          │           │   └── bevy_internal v0.15.0-dev (*)
          │           ├── bevy_core_pipeline v0.15.0-dev
          │           │   ├── bevy_dev_tools v0.15.0-dev
          │           │   │   └── bevy_internal v0.15.0-dev (*)
          │           │   ├── bevy_gizmos v0.15.0-dev
          │           │   │   ├── bevy_dev_tools v0.15.0-dev (*)
          │           │   │   └── bevy_internal v0.15.0-dev (*)
          │           │   ├── bevy_gltf v0.15.0-dev (*)
          │           │   ├── bevy_internal v0.15.0-dev (*)
          │           │   ├── bevy_pbr v0.15.0-dev
          │           │   │   ├── bevy_gizmos v0.15.0-dev (*)
          │           │   │   ├── bevy_gltf v0.15.0-dev (*)
          │           │   │   └── bevy_internal v0.15.0-dev (*)
          │           │   ├── bevy_sprite v0.15.0-dev
          │           │   │   ├── bevy_gizmos v0.15.0-dev (*)
          │           │   │   ├── bevy_internal v0.15.0-dev (*)
          │           │   │   ├── bevy_text v0.15.0-dev
          │           │   │   │   ├── bevy_dev_tools v0.15.0-dev (*)
          │           │   │   │   ├── bevy_internal v0.15.0-dev (*)
          │           │   │   │   └── bevy_ui v0.15.0-dev
          │           │   │   │       ├── bevy_dev_tools v0.15.0-dev (*)
          │           │   │   │       └── bevy_internal v0.15.0-dev (*)
          │           │   │   └── bevy_ui v0.15.0-dev (*)
          │           │   └── bevy_ui v0.15.0-dev (*)
          │           ├── bevy_dev_tools v0.15.0-dev (*)
          │           ├── bevy_gizmos v0.15.0-dev (*)
          │           ├── bevy_gltf v0.15.0-dev (*)
          │           ├── bevy_image v0.15.0-dev
          │           │   ├── bevy_core_pipeline v0.15.0-dev (*)
          │           │   ├── bevy_gizmos v0.15.0-dev (*)
          │           │   ├── bevy_gltf v0.15.0-dev (*)
          │           │   ├── bevy_internal v0.15.0-dev (*)
          │           │   ├── bevy_mesh v0.15.0-dev
          │           │   │   ├── bevy_picking v0.15.0-dev
          │           │   │   │   ├── bevy_internal v0.15.0-dev (*)
          │           │   │   │   ├── bevy_sprite v0.15.0-dev (*)
          │           │   │   │   └── bevy_ui v0.15.0-dev (*)
          │           │   │   └── bevy_render v0.15.0-dev
          │           │   │       ├── (dev) bevy v0.15.0-dev (*)
          │           │   │       ├── bevy_animation v0.15.0-dev (*)
          │           │   │       ├── bevy_core_pipeline v0.15.0-dev (*)
          │           │   │       ├── bevy_dev_tools v0.15.0-dev (*)
          │           │   │       ├── bevy_gizmos v0.15.0-dev (*)
          │           │   │       ├── bevy_gltf v0.15.0-dev (*)
          │           │   │       ├── bevy_internal v0.15.0-dev (*)
          │           │   │       ├── bevy_pbr v0.15.0-dev (*)
          │           │   │       ├── bevy_picking v0.15.0-dev (*)
          │           │   │       ├── bevy_scene v0.15.0-dev
          │           │   │       │   ├── bevy_gltf v0.15.0-dev (*)
          │           │   │       │   └── bevy_internal v0.15.0-dev (*)
          │           │   │       ├── bevy_sprite v0.15.0-dev (*)
          │           │   │       ├── bevy_text v0.15.0-dev (*)
          │           │   │       └── bevy_ui v0.15.0-dev (*)
          │           │   ├── bevy_pbr v0.15.0-dev (*)
          │           │   ├── bevy_render v0.15.0-dev (*)
          │           │   ├── bevy_sprite v0.15.0-dev (*)
          │           │   ├── bevy_text v0.15.0-dev (*)
          │           │   ├── bevy_ui v0.15.0-dev (*)
          │           │   └── bevy_winit v0.15.0-dev
          │           │       └── bevy_internal v0.15.0-dev (*)
          │           ├── bevy_internal v0.15.0-dev (*)
          │           ├── bevy_mesh v0.15.0-dev (*)
          │           ├── bevy_pbr v0.15.0-dev (*)
          │           ├── bevy_picking v0.15.0-dev (*)
          │           ├── bevy_render v0.15.0-dev (*)
          │           ├── bevy_scene v0.15.0-dev (*)
          │           ├── bevy_sprite v0.15.0-dev (*)
          │           ├── bevy_text v0.15.0-dev (*)
          │           ├── bevy_ui v0.15.0-dev (*)
          │           └── bevy_winit v0.15.0-dev (*)
          └── notify-debouncer-full v0.4.0 (*)

advisories FAILED
@andriyDev andriyDev added C-Bug An unexpected or incorrect behavior S-Needs-Triage This issue needs to be labelled labels Nov 22, 2024
@andriyDev
Copy link
Contributor Author

This is fixed upstream notify-rs/notify#652, so I guess we just have to twiddle our thumbs until notify-types 2.0 gets published.

@BenjaminBrienen BenjaminBrienen added D-Trivial Nice and easy! A great choice to get started with Bevy C-Dependencies A change to the crates that Bevy depends on S-Blocked This cannot move forward until something else changes and removed S-Needs-Triage This issue needs to be labelled labels Nov 22, 2024
@BenjaminBrienen
Copy link
Contributor

Yeah, this is just a transitive dependency, so it won't be fixable until a they finally publish a new version.

@BenjaminBrienen BenjaminBrienen added the A-Build-System Related to build systems or continuous integration label Nov 22, 2024
@andriyDev andriyDev mentioned this issue Dec 11, 2024
Merged
@BD103
Copy link
Member

BD103 commented Dec 11, 2024

#16763 will temporarily silence this CI failure, but the workaround it introduces should be removed before this issue is closed.

github-merge-queue bot pushed a commit that referenced this issue Dec 11, 2024
@andriyDev
Ignore the 'instant is unmaintained' advisory. (#16763)
e5d7fb4 
# Objective

- Hides #16477.

## Solution

Add the advisory ID to the list of ignored advisories.

The notify-types crate has already been switched to web-time upstream,
but it's up to the maintainer to publish the crate. There is nothing for
us to do, so better to just ignore it so we don't ignore this CI check
anymore (and mistakenly miss new advisories).

## Testing

- Tested locally.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Build-System Related to build systems or continuous integration C-Bug An unexpected or incorrect behavior C-Dependencies A change to the crates that Bevy depends on D-Trivial Nice and easy! A great choice to get started with Bevy S-Blocked This cannot move forward until something else changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andriyDev @BenjaminBrienen @BD103