From 3e9fa6dfb4231ee7bc1dda07fc8189ec9c1e486b Mon Sep 17 00:00:00 2001 From: Emil Ernerfeldt Date: Wed, 17 Apr 2024 13:07:20 +0200 Subject: [PATCH] Update `cargo-deny` (#5999) ### What ### Checklist * [x] I have read and agree to [Contributor Guide](https://github.com/rerun-io/rerun/blob/main/CONTRIBUTING.md) and the [Code of Conduct](https://github.com/rerun-io/rerun/blob/main/CODE_OF_CONDUCT.md) * [x] I've included a screenshot or gif (if applicable) * [x] I have tested the web demo (if applicable): * Using examples from latest `main` build: [rerun.io/viewer](https://rerun.io/viewer/pr/5999?manifest_url=https://app.rerun.io/version/main/examples_manifest.json) * Using full set of examples from `nightly` build: [rerun.io/viewer](https://rerun.io/viewer/pr/5999?manifest_url=https://app.rerun.io/version/nightly/examples_manifest.json) * [x] The PR title and labels are set such as to maximize their usefulness for the next release's CHANGELOG * [x] If applicable, add a new check to the [release checklist](https://github.com/rerun-io/rerun/blob/main/tests/python/release_checklist)! - [PR Build Summary](https://build.rerun.io/pr/5999) - [Recent benchmark results](https://build.rerun.io/graphs/crates.html) - [Wasm size tracking](https://build.rerun.io/graphs/sizes.html) To run all checks from `main`, comment on the PR with `@rerun-bot full-check`. --- Cargo.lock | 14 ++------------ deny.toml | 26 +++++++++++++++++--------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6047ec37e818..1d54c9a4d249 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -2710,15 +2710,14 @@ dependencies = [ [[package]] name = "insta" -version = "1.29.0" +version = "1.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a28d25139df397cbca21408bb742cf6837e04cdbebf1b07b760caf971d6a972" +checksum = "3eab73f58e59ca6526037208f0e98851159ec1633cf17b6cd2e1f2c3fd5d53cc" dependencies = [ "console", "lazy_static", "linked-hash-map", "similar", - "yaml-rust", ] [[package]] @@ -7737,15 +7736,6 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dbabb1cbd15a1d6d12d9ed6b35cc6777d4af87ab3ba155ea37215f20beab80c" -[[package]] -name = "yaml-rust" -version = "0.4.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85" -dependencies = [ - "linked-hash-map", -] - [[package]] name = "zbus" version = "3.14.1" diff --git a/deny.toml b/deny.toml index dfc8af646a78..c7773eb03dd2 100644 --- a/deny.toml +++ b/deny.toml @@ -6,8 +6,10 @@ # Install: `cargo install cargo-deny` # Check: `cargo deny check`. + # Note: running just `cargo deny check` without a `--target` can result in # false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324 +[graph] targets = [ { triple = "aarch64-apple-darwin" }, { triple = "i686-pc-windows-gnu" }, @@ -21,16 +23,19 @@ targets = [ { triple = "x86_64-unknown-linux-musl" }, { triple = "x86_64-unknown-redox" }, ] +all-features = true + [advisories] -vulnerability = "deny" -unmaintained = "warn" -yanked = "deny" -ignore = [] +version = 2 +ignore = [ + "RUSTSEC-2023-0081", # TODO(#5998): unmaintained crate "safemem" pulled in by "cargo-run-wasm" +] + [bans] multiple-versions = "deny" -wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed +wildcards = "allow" # We use them for examples deny = [ { name = "cgmath" }, # We use glam { name = "cmake" }, # Never again 
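Review bot: Dropping `yanked = "deny"` from `[advisories]` in the deny.toml hunk at `@@ -21,16 +23,19 @@` looks like an unintended relaxation. With `version = 2` the removed `vulnerability` and `unmaintained` keys become hard errors, but `yanked` stays configurable and, as far as I know, defaults to `warn`, so a yanked crate in Cargo.lock would no longer fail `cargo deny check`. Keeping `yanked = "deny"` next to `version = 2` preserves the previous behaviour. The `RUSTSEC-2023-0081` ignore is reasonable with its TODO, though the comment could say whether `safemem` is reachable only through build tooling, so the exemption is revisited if it ever lands in a shipped artifact. The `[bans]` table and its `deny` array continue past the end of this hunk.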
@@ -69,11 +74,9 @@ skip-tree = [ [licenses] +version = 2 private = { ignore = true } -unlicensed = "deny" -allow-osi-fsf-free = "neither" -confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text -copyleft = "deny" +confidence-threshold = 0.93 # We want really high confidence when inferring licenses from text allow = [ "Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html "Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0) @@ -91,6 +94,7 @@ allow = [ "Unicode-DFS-2016", # https://spdx.org/licenses/Unicode-DFS-2016.html "Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib) ] +exceptions = [] [[licenses.clarify]] name = "webpki" @@ -103,5 +107,9 @@ expression = "MIT AND ISC AND OpenSSL" license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }] +[sources] +unknown-registry = "deny" +unknown-git = "deny" + [sources.allow-org] github = ["emilk", "rerun-io"]
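Review bot: `unknown-git = "deny"` in the new `[sources]` table (hunk `@@ -103,5 +107,9 @@`) is only as strict as the `[sources.allow-org]` list that follows it. That list admits every repository under the `emilk` and `rerun-io` GitHub accounts rather than specific repositories. A comment above the two new keys would record the intent, e.g. `# Only crates.io and the GitHub orgs in [sources.allow-org] are trusted; any other registry or git URL fails the check`. If only a few git dependencies are actually in use, listing their URLs under `allow-git` instead would narrow the trusted set to those repositories.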