From 362358afa75b32859ee14bce6cf0e82c78973d91 Mon Sep 17 00:00:00 2001 From: Jordan Doyle Date: Tue, 12 Nov 2024 23:12:59 +0000 Subject: [PATCH] Add cargo-deny --- .github/workflows/ci.yml | 12 +++++++--- Cargo.lock | 13 ++-------- Cargo.toml | 2 +- deny.toml | 51 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 15 deletions(-) create mode 100644 deny.toml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cb38fcf..e147f96 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ jobs: name: Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions-rs/toolchain@v1 with: profile: minimal @@ -36,7 +36,7 @@ jobs: name: Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions-rs/toolchain@v1 with: profile: minimal @@ -47,11 +47,17 @@ jobs: with: command: fmt + cargo-deny: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: EmbarkStudios/cargo-deny-action@v1 + clippy: name: Clippy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions-rs/toolchain@v1 with: profile: minimal diff --git a/Cargo.lock b/Cargo.lock index f76cb64..14f8587 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -205,7 +205,7 @@ dependencies = [ "bitflags", "cexpr", "clang-sys", - "itertools 0.12.1", + "itertools", "lazy_static", "lazycell", "proc-macro2", @@ -1822,15 +1822,6 @@ dependencies = [ "either", ] -[[package]] -name = "itertools" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" -dependencies = [ - "either", -] - [[package]] name = "itoa" version = "1.0.11" @@ -2521,7 +2512,7 @@ dependencies = [ "gix", "httparse", "humantime", - "itertools 0.13.0", + "itertools", "kanal", "md5", "moka", diff --git a/Cargo.toml b/Cargo.toml index fd925a4..0bc333e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -42,7 +42,7 @@ gix = { version = "0.67", default-features = false, features = [ ] } httparse = "1.9" humantime = "2.1" -itertools = "0.13.0" +itertools = "0.12.1" kanal = "0.1.0-pre8" md5 = "0.7" moka = { version = "0.12.0", features = ["future"] } diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..19ac81d --- /dev/null +++ b/deny.toml @@ -0,0 +1,51 @@ +[graph] +targets = [] +all-features = false +no-default-features = false + +[output] +feature-depth = 1 + +[advisories] +ignore = [] + +[licenses] +allow = [ + "MIT", + "Apache-2.0", + "Unicode-3.0", + "Unicode-DFS-2016", + "WTFPL", + "BSL-1.0", + "CC0-1.0", + "BSD-3-Clause", + "ISC", + "Zlib", + "BSD-2-Clause", +] +confidence-threshold = 0.8 +exceptions = [] + +[bans] +multiple-versions = "warn" +wildcards = "allow" +highlight = "all" +workspace-default-features = "allow" +external-default-features = "allow" +allow = [] +deny = [] +skip = [ + { crate = "sync_wrapper@0.1.2", reason = "tower has not upgraded to 1.0 yet" }, + { crate = "windows-sys@0.52.0", reason = "gix pulls in two separate versions" }, + { crate = "hashbrown@0.14.5", reason = "gix has not upgraded their version of dashmap" }, +] +skip-tree = [ + { name = "matchers", reason = "tracing-subscriber's env-filter pulls in an ancient regex version" } +] + +[sources] +unknown-registry = "warn" +unknown-git = "warn" +allow-registry = ["https://github.com/rust-lang/crates.io-index"] +allow-git = [] +