{"id":20148222,"url":"https://github.com/chainguard-dev/cargobump","last_synced_at":"2025-06-14T05:07:36.930Z","repository":{"id":257012396,"uuid":"857015024","full_name":"chainguard-dev/cargobump","owner":"chainguard-dev","description":"Rust tool to declaratively bump dependencies using cargo","archived":false,"fork":false,"pushed_at":"2025-06-08T20:00:18.000Z","size":158,"stargazers_count":3,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-08T21:17:57.370Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-13T16:32:19.000Z","updated_at":"2025-06-08T20:46:59.000Z","dependencies_parsed_at":"2024-12-06T22:28:40.492Z","dependency_job_id":"d311a5f7-9819-4705-b419-91d53f9148a9","html_url":"https://github.com/chainguard-dev/cargobump","commit_stats":null,"previous_names":["chainguard-dev/cargobump"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/chainguard-dev/cargobump","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fcargobump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fcargobump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fcargobump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fcarg
obump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/cargobump/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fcargobump/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259763102,"owners_count":22907413,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T22:35:42.720Z","updated_at":"2025-06-14T05:07:36.910Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cargobump\n\nRust tool to declaratively bump dependencies using cargo.\n\n# Usage\n\nThe idea is that there are some `packages` that should be applied to the upstream\nCargo.lock file. You can specify these via `--packages` flag, or via\n`--bump-file`.\n\n## Specifying Dependencies to be patched\n\nYou can specify the patches that should be applied two ways. 
They are mutually\nexclusive, so you can only specify one of them at a time.\n\n### --packages flag\n\nYou can specify patches via the `--packages` flag by encoding them\n(similarly to gobump) in the following format:\n\n```shell\n--packages=\"\u003cname@version[@scope[@type]]\u003e \u003cname...\u003e\"\n```\n\n### --bump-file flag\n\nYou can specify a YAML file that contains the patches, which is the preferred\nway because it is less error-prone and allows for inline comments to keep track\nof which patches are for which CVEs.\n\nAn example YAML file looks like this:\n\n```yaml\npatches:\n  # CVE-2023-34062\n  - name: tokio\n    version: 1.0.39\n  # CVE-2023-5072\n  - name: chrono\n    version: \"20231013\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fcargobump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fcargobump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fcargobump/lists"}