mawkler


I've always hated the fact that Nix silently ignores any file that's not tracked by Git. Partly because I always forget this and have to re-build every time that I add a new file. But also the fact that Nix is coupled to VCS.

jj is a new VCS that wraps git. jj has a slightly different (improved) workflow, and doesn't have a staging area. What this means for Nix is that whenever I create a new file I have to run jj status (the equivalent to git status) before I can build with Nix, which feels incredibly silly to me.

Thanks for coming to my TED talk.

 

So I ran cargo audit on a project and got the following output:

error: 4 vulnerabilities found!
warning: 8 allowed warnings found

What do I do to fix these errors? The vulnerabilities are in dependencies of my dependencies, and they seem to be using an older version of a package. Is my only option to upgrade my own dependencies (which would take a non-trivial amount of work), or is there any way to tell my dependencies to use a newer version of those vulnerable packages like how npm audit fix works? I'm guessing that's what cargo audit fix is supposed to do, but in my case it wasn't able to fix any of the vulnerabilities.

I tried searching the web, but there was surprisingly little information on this stuff.
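Added example, not part of the original post or of cargo-audit itself: a triage sketch for the situation described above, separating advisories that a lockfile-only bump of the transitive crate can clear from those that need the parent dependency upgraded. It assumes the `cargo audit --json` report lists findings under `vulnerabilities.list[]` with `package` and `versions.patched`, that each patched entry starts with its lowest fixed release, and that the parent crates use default caret requirements; all crate names, ids and versions are constructed.

```python
import json
import re

# Constructed sample shaped like `cargo audit --json` output (layout is an
# assumption; crate names, advisory ids and versions are made up).
SAMPLE_REPORT = json.dumps({"vulnerabilities": {"list": [
    {"advisory": {"id": "EXAMPLE-0001"}, "versions": {"patched": [">=1.2.9"]},
     "package": {"name": "crate-a", "version": "1.2.3"}},
    {"advisory": {"id": "EXAMPLE-0002"}, "versions": {"patched": [">=0.2.23"]},
     "package": {"name": "crate-b", "version": "0.1.43"}},
    {"advisory": {"id": "EXAMPLE-0003"}, "versions": {"patched": []},
     "package": {"name": "crate-c", "version": "0.4.1"}},
]}})

def parse(v):
    """Return (major, minor, patch) for the first x.y.z found in v."""
    return tuple(int(x) for x in re.search(r"(\d+)\.(\d+)\.(\d+)", v).groups())

def compatible(locked, fixed):
    """True if `fixed` is newer and in the same Cargo caret range as `locked`."""
    if fixed <= locked:
        return False
    if locked[0] > 0:
        return fixed[0] == locked[0]      # 1.x.y: same major
    if locked[1] > 0:
        return fixed[:2] == locked[:2]    # 0.x.y: same minor
    return False                          # 0.0.z: each release is its own range

def triage(report_json):
    """Map each advisory id to the step that can clear it."""
    plan = {}
    for v in json.loads(report_json)["vulnerabilities"]["list"]:
        adv, name = v["advisory"]["id"], v["package"]["name"]
        locked = parse(v["package"]["version"])
        fixes = sorted(parse(p) for p in v["versions"]["patched"])
        in_range = [f for f in fixes if compatible(locked, f)]
        if in_range:
            # Lockfile-only bump; direct dependencies stay untouched.
            ver = ".".join(map(str, in_range[0]))
            plan[adv] = f"cargo update -p {name} --precise {ver}"
        elif fixes:
            # Fix is outside the semver range: the parent crate must move.
            plan[adv] = f"cargo tree -i {name}  # find the parent to upgrade"
        else:
            plan[adv] = "no patched release"
    return plan

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

If a parent pins the crate more tightly than a caret requirement, `cargo update` will refuse the bump and that advisory falls into the parent-upgrade case.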