Improving Performance and Security: cargo-audit 0.18 for Rust
The latest release of cargo-audit, version 0.18, brings significant improvements in performance, compatibility, and security for Rust projects. One of the major performance enhancements is the use of the sparse crates.io index, which eliminates the need to download the entire index, resulting in a much faster scanning process. Additionally, cargo-audit now utilizes rustls, a memory-safe TLS implementation, instead of OpenSSL, providing a more secure environment. Compatibility issues have also been addressed by switching from libgit2 to gitoxide as the git implementation. However, it's important to note that this release only supports x86 and ARM CPU architectures, as rustls does not yet support other architectures. The cargo audit fix subcommand, which automatically upgrades vulnerable dependencies, has not been converted to use the new improvements and remains disabled by default. Developers can report any issues they encounter due to these changes. Overall, cargo-audit 0.18 is a significant step forward in ensuring the security and performance of Rust projects.