Issues found
Based on crates you own that have been published to crates.io. The best way to monitor these issues is to subscribe to the atom feed in your RSS reader.
sbom-tools
Imprecise dependency requirement pathfinding = 4
Cargo does not always pick latest versions of dependencies! Specify the version as
pathfinding = "4.14.0". IfCargo.lockends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using theminimal-versionsflag, used by users of old Rust versions.If you want to keep using truly minimal dependency requirements, please make sure you test them in CI with
-Z minimal-versionsCargo option, because it's very easy to accidentally use a feature added in a later version.Optional dependency 'reqwest' exposed as an implicit feature
Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using
dep:syntax. Features 'reqwest', 'sha2' may have been unintentional.
If some of these crates are unmaintained and shouldn't be checked, yank them or add [badges.maintenance] to their
status = "deprecated"Cargo.toml.