chore: Update to latest cargo deny #2746

Merged
merged 5 commits into from
Aug 29, 2024
4 changes: 2 additions & 2 deletions .github/workflows/cargo-license.yaml
EmilLuta marked this conversation as resolved.
Expand Up @@ -4,5 +4,5 @@ jobs:
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
- uses: EmbarkStudios/cargo-deny-action@68cd9c5e3e16328a430a37c743167572e3243e7e
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2.0.1
53 changes: 35 additions & 18 deletions deny.toml
@@ -1,15 +1,24 @@
[graph]
targets = []
all-features = false
no-default-features = false

[output]
feature-depth = 1

[advisories]
vulnerability = "deny"
EmilLuta marked this conversation as resolved.
unmaintained = "warn"
yanked = "warn"
notice = "warn"
ignore = []
ignore = [
"RUSTSEC-2023-0045", # memoffset vulnerability, dependency coming from bellman_ce
"RUSTSEC-2022-0041", # crossbeam-utils vulnerability, dependency coming from bellman_ce
"RUSTSEC-2024-0320", # yaml_rust dependency being unmaintained, dependency in core, we should consider moving to yaml_rust2 fork
"RUSTSEC-2020-0168", # mach dependency being unmaintained, dependency in consensus, we should consider moving to mach2 fork
# all below caused by StructOpt which we still use and we should move to clap v3 instead
"RUSTSEC-2021-0145",
"RUSTSEC-2021-0139",

]

[licenses]
unlicensed = "deny"
EmilLuta marked this conversation as resolved.
allow = [
"MIT",
"Apache-2.0",
Expand All @@ -23,34 +32,42 @@ allow = [
"Zlib",
"OpenSSL",
]
copyleft = "warn"
allow-osi-fsf-free = "neither"
default = "deny"
confidence-threshold = 0.8
exceptions = [
{ name = "ring", allow = ["OpenSSL"] },
]
unused-allowed-license = "allow"

[[licenses.clarify]]
name = "ring"
expression = "OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 },
]
crate = "ring"
# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
# https://spdx.org/licenses/OpenSSL.html
# ISC - Both BoringSSL and ring use this for their new files
# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
# license, for third_party/fiat, which, unlike other third_party directories, is
# compiled into non-test libraries, is included below."
# OpenSSL - Obviously
expression = "ISC AND MIT AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

[licenses.private]
ignore = false
registries = []

[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
allow = []
deny = []
skip = []
skip-tree = []

[sources]
unknown-registry = "deny"
unknown-git = "allow"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []

[sources.allow-org]
github = []
gitlab = []
bitbucket = []
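Review bot: The new `ignore` list under `[advisories]` suppresses two advisories that its own comments call vulnerabilities (RUSTSEC-2023-0045 and RUSTSEC-2022-0041) while recording only which dependency pulls them in, and RUSTSEC-2021-0145 and RUSTSEC-2021-0139 share one group comment with no per-entry rationale. Nothing in the entries says why the affected code is not reachable in this workspace or where the removal is tracked, so a suppression can outlive its justification without anyone noticing. Recent cargo-deny releases accept table entries in this list, which puts the reason in the config and in the tool's output, e.g. `{ id = "RUSTSEC-2023-0045", reason = "memoffset via bellman_ce; tracked in <ISSUE-URL-PLACEHOLDER>" }`. Separately, the `[sources]` table in this section pairs `unknown-git = "allow"` with an empty `allow-git`, so a crate pulled from any git repository passes the sources check; `unknown-git = "deny"` with an explicit `allow-git` / `[sources.allow-org]` list would make that check meaningful.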
9 changes: 4 additions & 5 deletions prover/Cargo.lock


8 changes: 7 additions & 1 deletion prover/crates/bin/prover_version/Cargo.toml
@@ -1,7 +1,13 @@
[package]
name = "prover_version"
version = "0.1.0"
version.workspace = true
edition.workspace = true
authors.workspace = true
homepage.workspace = true
repository.workspace = true
license.workspace = true
keywords.workspace = true
categories.workspace = true

[dependencies]
zksync_prover_fri_types.workspace = true
Expand Up @@ -39,7 +39,6 @@ serde = { workspace = true, features = ["derive"] }
serde_derive.workspace = true
itertools.workspace = true
bincode.workspace = true
structopt.workspace = true
once_cell.workspace = true
toml_edit.workspace = true
md5.workspace = true
8 changes: 4 additions & 4 deletions zk_toolbox/Cargo.lock

