diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9533aa3a..f8f18c8f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,7 +2,7 @@ name: CI
 on:
 push:
- branches: [master]
+ branches: [main]
 pull_request:
 jobs:
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
new file mode 100644
index 00000000..e96af9f3
--- /dev/null
+++ b/.github/workflows/deps.yml
@@ -0,0 +1,19 @@
+name: deps
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule: [cron: "00 00 * * *"]
+
+jobs:
+ cargo-deny:
+ name: cargo deny check
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ steps:
+ - uses: actions/checkout@v3
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check all
\ No newline at end of file
diff --git a/Cargo.toml b/Cargo.toml
index dfea00db..87c51e4b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,6 +3,7 @@ name = "foundry-compilers"
 authors = ["Foundry Maintainers"]
 version = "0.1.0"
 readme = "README.md"
+license = "MIT OR Apache-2.0"
 description = "Utilities for working with solidity compilers, namely solc"
 keywords = ["foundry", "solidity", "solc", "ethereum", "ethers"]
 edition = "2021"
@@ -27,8 +28,6 @@ serde_json = "1.0"
 # tracing
 tracing = "0.1.37"
-tracing-subscriber = { version = "0.3.17", default-features = false }
-tracing-futures = "0.2.5"
 tiny-keccak = { version = "2.0.2", default-features = false }
 sha2 = { version = "0.10.7", default-features = false, optional = true }
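Review bot: Both `uses:` steps in the new `.github/workflows/deps.yml` job reference third-party code by mutable tag (`actions/checkout@v3`, `EmbarkStudios/cargo-deny-action@v1`), and the workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository has. For a job whose purpose is dependency and supply-chain checking, pin each action to a full commit SHA with the tag kept as a comment, e.g. `- uses: EmbarkStudios/cargo-deny-action@<full-commit-sha> # v1`, and add a top-level `permissions:` mapping containing only `contents: read`. Because the workflow also runs on a daily `schedule`, a moved tag would be picked up on `main` without any change landing in this repository.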
@@ -62,22 +61,10 @@ svm = { package = "svm-rs", version = "0.3", default-features = false, features
 ], optional = true }
 svm-builds = { package = "svm-rs-builds", version = "0.2", optional = true }
 tokio = { version = "1.32", features = ["rt-multi-thread"] }
-tokio-tungstenite = { version = "0.20", default-features = false }
-futures = { version = "0.3.28", default-features = false, features = ["std"] }
-futures-core = "0.3.28"
-futures-util = "0.3.28"
-futures-executor = "0.3.28"
-futures-channel = "0.3.28"
-futures-locks = { version = "0.7.1", default-features = false }
-futures-timer = { version = "3.0.2", default-features = false, features = ["wasm-bindgen"] }
-pin-project = "1.1"
-reqwest = { version = "0.11.19", default-features = false }
-url = { version = "2.4", default-features = false }
 [dev-dependencies]
 criterion = { version = "0.5", features = ["async_tokio"] }
-env_logger = "0.10.0"
 tracing-subscriber = { version = "0.3.17", default-features = false, features = ["env-filter", "fmt"] }
 rand = "0.8"
 pretty_assertions = "1"
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..8b00f2f4
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,94 @@
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+vulnerability = "deny"
+unmaintained = "warn"
+unsound = "warn"
+yanked = "warn"
+notice = "warn"
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "warn"
+# Lint level for when a crate version requirement is `*`
+wildcards = "deny"
+highlight = "all"
+# List of crates to deny
+deny = [
+ # Each entry the name of a crate and a version range. If version is
+ # not specified, all versions will be matched.
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = []
+# Similarly to `skip` allows you to skip certain crates during duplicate
+# detection. Unlike skip, it also includes the entire tree of transitive
+# dependencies starting at the specified crate, up to a certain depth, which is
+# by default infinite
+skip-tree = []
+
+[licenses]
+unlicensed = "deny"
+confidence-threshold = 0.9
+# copyleft = "deny"
+
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.7 short identifier (+ optional exception)].
+allow = [
+ "MIT",
+ "MIT-0",
+ "Apache-2.0",
+ "Apache-2.0 WITH LLVM-exception",
+ "BSD-2-Clause",
+ "BSD-3-Clause",
+ "ISC",
+ "Unicode-DFS-2016",
+ "Unlicense",
+ "MPL-2.0",
+ # https://github.com/briansmith/ring/issues/902
+ "LicenseRef-ring",
+ # https://github.com/briansmith/webpki/issues/148
+ "LicenseRef-webpki",
+]
+
+# Allow 1 or more licenses on a per-crate basis, so that particular licenses
+# aren't accepted for every possible crate as with the normal allow list
+exceptions = [
+ # CC0 is a permissive license but somewhat unclear status for source code
+ # so we prefer to not have dependencies using it
+ # https://tldrlegal.com/license/creative-commons-cc0-1.0-universal
+ { allow = ["CC0-1.0"], name = "tiny-keccak" },
+ { allow = ["CC0-1.0"], name = "trezor-client" },
+ { allow = ["CC0-1.0"], name = "constant_time_eq" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[[licenses.clarify]]
+name = "webpki"
+expression = "LicenseRef-webpki"
+license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
+
+[[licenses.clarify]]
+name = "rustls-webpki"
+expression = "LicenseRef-webpki"
+license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
+
+# This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not
+# in the allow list is encountered
+unknown-registry = "deny"
+# Lint level for what to happen when a crate from a git repository that is not
+# in the allow list is encountered
+unknown-git = "deny"
\ No newline at end of file
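Review bot: In `[advisories]` only `vulnerability` is set to `"deny"`; `unsound`, `yanked` and `unmaintained` are `"warn"`, so the new CI job stays green when a dependency carries a soundness advisory or resolves to a yanked release. Since this file is the only advisory gate the commit adds, consider `unsound = "deny"` and `yanked = "deny"`, recording any advisory that is consciously accepted in an `ignore = [...]` list with a comment giving the reason. Separately, the `trezor-client` exception and the `ring` / `webpki` / `rustls-webpki` clarifications look carried over from another project's config. It is worth confirming against the resolved dependency tree that they are still reachable after the crates this commit removes from Cargo.toml, so the license allow-surface is no wider than the crate needs.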