Describe the bug
When running the ODS Rust agent with cargo deny version 0.18.2, the advisory database fails to load due to a TOML parse error caused by an unsupported CVSS version (4.0) in one of the advisories.
To Reproduce
Steps to reproduce the behavior:
- Run the ODS Rust agent pipeline.
- Execute the cargo deny check step (without JSON formatting).
- Observe the error in the logs.
Expected behavior
The advisory database should load successfully, and cargo deny check should complete without errors.
Log Output
+ cargo deny check
2025-12-20 00:25:50 [ERROR] failed to load advisory database: parse error: error parsing /home/jenkins/.cargo/advisory-dbs/advisory-db-3157b0e258782691/crates/cap-primitives/RUSTSEC-2024-0445.md: parse error: TOML parse error at line 8, column 8
|
8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
unsupported CVSS version: 4.0
Additional context
- This issue occurs because cargo deny version 0.18.2 does not support CVSS 4.0.
- The bug is tracked in the upstream repository: link to issue
- Recommendation: Update cargo deny to at least 0.18.6, ideally to the latest version (0.18.9) to avoid similar issues.
- Environment details:
  - Rust: 1.89
  - Cargo: 1.89.0
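
A pre-flight gate for the `cargo deny check` step, as an added example (not part of the original report, the ODS agent or cargo-deny): it fails early with the affected advisory files when the installed version is below the 0.18.6 minimum recommended above and the advisory database contains CVSS 4.x vectors. The function names are hypothetical, and the usage line assumes `cargo deny --version` prints `cargo-deny <version>` and that the database sits under `~/.cargo/advisory-dbs` as in the log.

```shell
#!/bin/sh
# Added example: pre-flight gate to run before `cargo deny check` in CI.
MIN_CARGO_DENY="0.18.6"   # minimum version recommended in the report

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# cvss4_advisories DIR: list advisory files under DIR whose front-matter
# `cvss` field holds a CVSS 4.x vector (the field the parser rejected).
cvss4_advisories() {
    grep -rlE '^cvss[[:space:]]*=[[:space:]]*"CVSS:4\.' "$1" 2>/dev/null | sort
}

# preflight VERSION DIR: return 0 when the check step can run; return 1 and
# name the offending advisories when VERSION is too old for the database.
preflight() {
    if version_ge "$1" "$MIN_CARGO_DENY"; then
        return 0
    fi
    hits=$(cvss4_advisories "$2")
    if [ -z "$hits" ]; then
        return 0
    fi
    echo "cargo-deny $1 is older than $MIN_CARGO_DENY; CVSS 4.x advisories:" >&2
    echo "$hits" >&2
    return 1
}

# Usage (assumed output format of `cargo deny --version`):
#   sh preflight.sh "$(cargo deny --version | awk '{print $2}')" ~/.cargo/advisory-dbs
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```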