From 415036c5d9aac779d03fee9b16ad3a65399a103e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 09:06:07 +0000 Subject: [PATCH 1/4] Bump EmbarkStudios/cargo-deny-action in the github-actions group Bumps the github-actions group with 1 update: [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action). Updates `EmbarkStudios/cargo-deny-action` from 1 to 2 - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v1...v2) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 640f112c6ef..8c719b481ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -187,7 +187,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: EmbarkStudios/cargo-deny-action@v1 + - uses: EmbarkStudios/cargo-deny-action@v2 with: command: check ${{ matrix.checks }} From 78a7e32c34150dece4065e513cd177356619419f Mon Sep 17 00:00:00 2001 From: Sebastian Thiel Date: Mon, 5 Aug 2024 13:58:48 +0200 Subject: [PATCH 2/4] make `winnow` a workspace dependency --- Cargo.toml | 1 + gix-actor/Cargo.toml | 2 +- gix-config/Cargo.toml | 6 +++--- gix-object/Cargo.toml | 2 +- gix-protocol/Cargo.toml | 2 +- gix-ref/Cargo.toml | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 09292995d75..058f70ea79d 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -303,6 +303,7 @@ futures-lite = { version = "2.1.0", default-features = false, features = ["std"] faster-hex = { version = "0.9.0", default-features = false } reqwest = { version = "0.12.0", default-features = false, features = ["charset", "http2", "macos-system-configuration"] } # all but the 'default-tls' feature curl = { version = "0.4" } +winnow = { version = "0.6.0", features = ["simd"] } [package.metadata.docs.rs] features = ["document-features", "max"] diff --git a/gix-actor/Cargo.toml b/gix-actor/Cargo.toml index a7e009b3fbd..5feb547af64 100644 --- a/gix-actor/Cargo.toml +++ b/gix-actor/Cargo.toml @@ -26,7 +26,7 @@ bstr = { version = "1.3.0", default-features = false, features = [ "std", "unicode", ] } -winnow = { version = "0.6.0", features = ["simd"] } +winnow.workspace = true itoa = "1.0.1" serde = { version = "1.0.114", optional = true, default-features = false, features = [ "derive", diff --git a/gix-config/Cargo.toml b/gix-config/Cargo.toml index 5fdb0f7ce93..82ec45d1cff 100644 --- a/gix-config/Cargo.toml +++ b/gix-config/Cargo.toml 
@@ -17,19 +17,19 @@ autotests = false serde = ["dep:serde", "bstr/serde", "gix-sec/serde", "gix-ref/serde", "gix-glob/serde", "gix-config-value/serde"] [dependencies] -gix-features = { version = "^0.38.2", path = "../gix-features"} +gix-features = { version = "^0.38.2", path = "../gix-features" } gix-config-value = { version = "^0.14.7", path = "../gix-config-value" } gix-path = { version = "^0.10.9", path = "../gix-path" } gix-sec = { version = "^0.10.7", path = "../gix-sec" } gix-ref = { version = "^0.45.0", path = "../gix-ref" } gix-glob = { version = "^0.16.4", path = "../gix-glob" } -winnow = { version = "0.6.0", features = ["simd"] } +winnow.workspace = true memchr = "2" thiserror = "1.0.26" unicode-bom = "2.0.2" bstr = { version = "1.3.0", default-features = false, features = ["std"] } -serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"]} +serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] } smallvec = "1.9.0" once_cell = "1.14.0" diff --git a/gix-object/Cargo.toml b/gix-object/Cargo.toml index c4d86357175..7e59ab8080a 100644 --- a/gix-object/Cargo.toml +++ b/gix-object/Cargo.toml @@ -50,7 +50,7 @@ bstr = { version = "1.3.0", default-features = false, features = [ "std", "unicode", ] } -winnow = { version = "0.6.0", features = ["simd"] } +winnow.workspace = true smallvec = { version = "1.4.0", features = ["write"] } serde = { version = "1.0.114", optional = true, default-features = false, features = [ "derive", diff --git a/gix-protocol/Cargo.toml b/gix-protocol/Cargo.toml index 0db90afb7fe..c828ad39822 100644 --- a/gix-protocol/Cargo.toml +++ b/gix-protocol/Cargo.toml @@ -62,7 +62,7 @@ bstr = { version = "1.3.0", default-features = false, features = [ "std", "unicode", ] } -winnow = { version = "0.6.0", features = ["simd"] } +winnow.workspace = true # for async-client async-trait = { version = "0.1.51", optional = true } 
diff --git a/gix-ref/Cargo.toml b/gix-ref/Cargo.toml index 494fd5efc9f..e8b9b7aadae 100644 --- a/gix-ref/Cargo.toml +++ b/gix-ref/Cargo.toml @@ -31,7 +31,7 @@ gix-lock = { version = "^14.0.0", path = "../gix-lock" } gix-tempfile = { version = "^14.0.0", default-features = false, path = "../gix-tempfile" } thiserror = "1.0.34" -winnow = { version = "0.6.0", features = ["simd"] } +winnow.workspace = true serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] } # packed refs From 89d77dc262f3b576ab4f4939e65cac866da18927 Mon Sep 17 00:00:00 2001 From: Sebastian Thiel Date: Mon, 5 Aug 2024 14:01:13 +0200 Subject: [PATCH 3/4] use workspace dependency for `unicode-bom` --- Cargo.toml | 2 ++ gix-attributes/Cargo.toml | 8 ++++---- gix-config/Cargo.toml | 2 +- gix-ignore/Cargo.toml | 8 ++++---- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 058f70ea79d..6564976c9e6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -304,6 +304,8 @@ faster-hex = { version = "0.9.0", default-features = false } reqwest = { version = "0.12.0", default-features = false, features = ["charset", "http2", "macos-system-configuration"] } # all but the 'default-tls' feature curl = { version = "0.4" } winnow = { version = "0.6.0", features = ["simd"] } +unicode-bom = "2.0.2" + [package.metadata.docs.rs] features = ["document-features", "max"] diff --git a/gix-attributes/Cargo.toml b/gix-attributes/Cargo.toml index 091299bbbd8..b77945a0417 100644 --- a/gix-attributes/Cargo.toml +++ b/gix-attributes/Cargo.toml 
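Review bot: The root `Cargo.toml` hunk of patch 3 adds an empty line (the lone `+`) right after `+unicode-bom = "2.0.2"`. Judging by the hunk's line counts, a blank line already separates the dependency list from `[package.metadata.docs.rs]`, so this would leave two. Cargo manifests conventionally keep a single blank line between sections, so the extra `+` line can be dropped. The enclosing table header is outside the hunk, so which table these entries belong to is not visible here.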
@@ -22,17 +22,17 @@ gix-quote = { version = "^0.4.12", path = "../gix-quote" } gix-glob = { version = "^0.16.4", path = "../gix-glob" } gix-trace = { version = "^0.1.8", path = "../gix-trace" } -bstr = { version = "1.3.0", default-features = false, features = ["std", "unicode"]} +bstr = { version = "1.3.0", default-features = false, features = ["std", "unicode"] } smallvec = "1.10.0" kstring = "2.0.0" -unicode-bom = "2.0.2" +unicode-bom.workspace = true thiserror = "1.0.26" -serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"]} +serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] } document-features = { version = "0.2.1", optional = true } [dev-dependencies] -gix-testtools = { path = "../tests/tools"} +gix-testtools = { path = "../tests/tools" } gix-fs = { path = "../gix-fs" } [package.metadata.docs.rs] diff --git a/gix-config/Cargo.toml b/gix-config/Cargo.toml index 82ec45d1cff..ccc4d343386 100644 --- a/gix-config/Cargo.toml +++ b/gix-config/Cargo.toml @@ -27,7 +27,7 @@ gix-glob = { version = "^0.16.4", path = "../gix-glob" } winnow.workspace = true memchr = "2" thiserror = "1.0.26" -unicode-bom = "2.0.2" +unicode-bom.workspace = true bstr = { version = "1.3.0", default-features = false, features = ["std"] } serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] } smallvec = "1.9.0" diff --git a/gix-ignore/Cargo.toml b/gix-ignore/Cargo.toml index 9829615129c..e9f55971ef0 100644 --- a/gix-ignore/Cargo.toml +++ b/gix-ignore/Cargo.toml 
@@ -21,14 +21,14 @@ gix-glob = { version = "^0.16.4", path = "../gix-glob" } gix-path = { version = "^0.10.9", path = "../gix-path" } gix-trace = { version = "^0.1.8", path = "../gix-trace" } -bstr = { version = "1.3.0", default-features = false, features = ["std", "unicode"]} -unicode-bom = "2.0.2" -serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"]} +bstr = { version = "1.3.0", default-features = false, features = ["std", "unicode"] } +unicode-bom.workspace = true +serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] } document-features = { version = "0.2.1", optional = true } [dev-dependencies] -gix-testtools = { path = "../tests/tools"} +gix-testtools = { path = "../tests/tools" } gix-fs = { path = "../gix-fs" } [package.metadata.docs.rs] From e42e88baa5e97f69a30c33ca8d4acf378f379c5f Mon Sep 17 00:00:00 2001 From: Sebastian Thiel Date: Mon, 5 Aug 2024 14:04:38 +0200 Subject: [PATCH 4/4] adjust `deny.toml` to make audit pass --- deny.toml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/deny.toml b/deny.toml index bd16612e281..24292259827 100644 --- a/deny.toml +++ b/deny.toml @@ -8,10 +8,7 @@ # More documentation for the advisories section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html [advisories] -ignore = [ - # this is `rustls@0.20.9` coming in with `curl`, which doesn't have an update yet. It's only active optionally, not by default. - "RUSTSEC-2024-0336", -] +ignore = [] @@ -29,10 +26,10 @@ allow = [ "MIT", "MIT-0", "ISC", - "Unicode-DFS-2016", "LicenseRef-ring", + "Unicode-DFS-2016", "Zlib", - "Unicode-3.0" + "MPL-2.0" ] # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the
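Review bot: The second `deny.toml` hunk adds `"MPL-2.0"` to the global `allow` list with no comment naming the dependency that needs it, so any crate in the graph can now carry that license without the check firing. MPL-2.0 is file-level copyleft, unlike the permissive entries around it, so it is better scoped to one crate. Consider removing it from `allow` and adding a per-crate exception such as `exceptions = [{ allow = ["MPL-2.0"], crate = "<crate-name>" }]`; the exact key spelling depends on the cargo-deny version in use. Failing that, a comment above the entry should name the crate, as the removed `RUSTSEC-2024-0336` ignore did for its advisory. The same hunk drops `"Unicode-3.0"`, presumably because nothing in the lockfile uses it any more, though that is not visible here.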