41e3f30 chore: update deny and audit — radicle-git

radicle-git

rad:z6cFWeWpnZNHh9rUW8phgA3b5yGt

Git libraries for Radicle

chore: update deny and audit

Fintan Halpenny committed 1 year ago

commit 41e3f30ffcbf989cd9e575c710a1d8ccf2f33b24
parent ecb3969

5 files changed +279 -155

modified Cargo.lock

@@ -166,6 +166,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8"
 [[package]]
 name = "displaydoc"
 version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
 ]
 [[package]]
 name = "either"
 version = "1.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -282,9 +293,9 @@ name = "git-ref-format-macro"

 version = "0.3.1"
 dependencies = [
  "git-ref-format-core",
  "proc-macro-error",
  "proc-macro-error2",
  "quote",
  "syn 2.0.71",
  "syn",
 ]
 [[package]]

@@ -346,13 +357,142 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
 [[package]]
 name = "icu_collections"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
 dependencies = [
  "displaydoc",
  "yoke",
  "zerofrom",
  "zerovec",
 ]
 [[package]]
 name = "icu_locid"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
 dependencies = [
  "displaydoc",
  "litemap",
  "tinystr",
  "writeable",
  "zerovec",
 ]
 [[package]]
 name = "icu_locid_transform"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
 dependencies = [
  "displaydoc",
  "icu_locid",
  "icu_locid_transform_data",
  "icu_provider",
  "tinystr",
  "zerovec",
 ]
 [[package]]
 name = "icu_locid_transform_data"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e"
 [[package]]
 name = "icu_normalizer"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
 dependencies = [
  "displaydoc",
  "icu_collections",
  "icu_normalizer_data",
  "icu_properties",
  "icu_provider",
  "smallvec",
  "utf16_iter",
  "utf8_iter",
  "write16",
  "zerovec",
 ]
 [[package]]
 name = "icu_normalizer_data"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516"
 [[package]]
 name = "icu_properties"
 version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5"
 dependencies = [
  "displaydoc",
  "icu_collections",
  "icu_locid_transform",
  "icu_properties_data",
  "icu_provider",
  "tinystr",
  "zerovec",
 ]
 [[package]]
 name = "icu_properties_data"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569"
 [[package]]
 name = "icu_provider"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
 dependencies = [
  "displaydoc",
  "icu_locid",
  "icu_provider_macros",
  "stable_deref_trait",
  "tinystr",
  "writeable",
  "yoke",
  "zerofrom",
  "zerovec",
 ]
 [[package]]
 name = "icu_provider_macros"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
 ]
 [[package]]
 name = "idna"
 version = "0.5.0"
 version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
 checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
 dependencies = [
  "unicode-bidi",
  "unicode-normalization",
  "idna_adapter",
  "smallvec",
  "utf8_iter",
 ]
 [[package]]
 name = "idna_adapter"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
 dependencies = [
  "icu_normalizer",
  "icu_properties",
 ]
 [[package]]

@@ -425,6 +565,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 [[package]]
 name = "litemap"
 version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104"
 [[package]]
 name = "lock_api"
 version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -572,27 +718,25 @@ dependencies = [

 ]
 [[package]]
 name = "proc-macro-error"
 version = "1.0.4"
 name = "proc-macro-error-attr2"
 version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
 dependencies = [
  "proc-macro-error-attr",
  "proc-macro2",
  "quote",
  "syn 1.0.109",
  "version_check",
 ]
 [[package]]
 name = "proc-macro-error-attr"
 version = "1.0.4"
 name = "proc-macro-error2"
 version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
 dependencies = [
  "proc-macro-error-attr2",
  "proc-macro2",
  "quote",
  "version_check",
  "syn",
 ]
 [[package]]

@@ -858,7 +1002,7 @@ checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222"

 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.71",
  "syn",
 ]
 [[package]]

@@ -888,24 +1032,31 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
 [[package]]
 name = "syn"
 version = "1.0.109"
 version = "2.0.71"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462"
 dependencies = [
  "proc-macro2",
  "quote",
  "unicode-ident",
 ]
 [[package]]
 name = "syn"
 version = "2.0.71"
 name = "synstructure"
 version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462"
 checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
  "proc-macro2",
  "quote",
  "unicode-ident",
  "syn",
 ]
 [[package]]

@@ -973,7 +1124,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"

 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.71",
  "syn",
 ]
 [[package]]

@@ -987,21 +1138,16 @@ dependencies = [

 ]
 [[package]]
 name = "tinyvec"
 version = "1.8.0"
 name = "tinystr"
 version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938"
 checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
 dependencies = [
  "tinyvec_macros",
  "displaydoc",
  "zerovec",
 ]
 [[package]]
 name = "tinyvec_macros"
 version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tracing"
 version = "0.1.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -1020,7 +1166,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"

 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.71",
  "syn",
 ]
 [[package]]

@@ -1082,31 +1228,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
 [[package]]
 name = "unicode-bidi"
 version = "0.3.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75"
 [[package]]
 name = "unicode-ident"
 version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
 [[package]]
 name = "unicode-normalization"
 version = "0.1.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5"
 dependencies = [
  "tinyvec",
 ]
 [[package]]
 name = "url"
 version = "2.5.2"
 version = "2.5.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
 checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
 dependencies = [
  "form_urlencoded",
  "idna",

@@ -1115,6 +1246,18 @@ dependencies = [

 ]
 [[package]]
 name = "utf16_iter"
 version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
 [[package]]
 name = "utf8_iter"
 version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
 [[package]]
 name = "utf8parse"
 version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -1133,12 +1276,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 [[package]]
 name = "version_check"
 version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
 [[package]]
 name = "wait-timeout"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -1249,6 +1386,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 [[package]]
 name = "write16"
 version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
 [[package]]
 name = "writeable"
 version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
 [[package]]
 name = "xattr"
 version = "1.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"

@@ -1264,3 +1413,70 @@ name = "yansi"

 version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"
 [[package]]
 name = "yoke"
 version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
 dependencies = [
  "serde",
  "stable_deref_trait",
  "yoke-derive",
  "zerofrom",
 ]
 [[package]]
 name = "yoke-derive"
 version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
  "synstructure",
 ]
 [[package]]
 name = "zerofrom"
 version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e"
 dependencies = [
  "zerofrom-derive",
 ]
 [[package]]
 name = "zerofrom-derive"
 version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
  "synstructure",
 ]
 [[package]]
 name = "zerovec"
 version = "0.10.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
 dependencies = [
  "yoke",
  "zerofrom",
  "zerovec-derive",
 ]
 [[package]]
 name = "zerovec-derive"
 version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
 ]

modified deny.toml

@@ -6,16 +6,8 @@

 db-path = "~/cargo/advisory-db"
 # The url of the advisory database to use
 db-urls = [ "https://github.com/rustsec/advisory-db" ]
 # The lint level for security vulnerabilities
 vulnerability = "deny"
 # The lint level for unmaintained crates
 unmaintained = "warn"
 # The lint level for crates that have been yanked from their source registry
 yanked = "warn"
 # The lint level for crates with security notices. Note that as of
 # 2019-12-17 there are no security notice advisories in
 # https://github.com/rustsec/advisory-db
 notice = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [

@@ -35,8 +27,6 @@ ignore = [

 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
 [licenses]
 # The lint level for crates which do not have a detectable license
 unlicensed = "deny"
 # List of explictly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.7 short identifier (+ optional exception)].

@@ -45,76 +35,9 @@ allow = [

     "BlueOak-1.0.0",
     "GPL-3.0",
     "MIT",
     "Unicode-3.0",
     "Unlicense",
 ]
 # List of explictly disallowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.7 short identifier (+ optional exception)].
 deny = [
     # As per https://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses
     "AGPL-1.0",
 # fails to parse:
 #   "AFL-1.0",
 #   "AFL-1.2",
 #   "AFL-2.0",
 #   "AFL-2.1",
 #   "AFL-3.0",
     "Apache-1.0",
     "Apache-1.1",
     "APSL-2.0",
     "BitTorrent-1.0",
     "BitTorrent-1.1",
     "BSD-4-Clause",
     "CECILL-B",
     "CECILL-C",
     "CDDL-1.0",
     "CDDL-1.1",
     "CNRI-Python",
     "CPAL-1.0",
     "CPL-1.0",
     "Condor-1.1",
     "EPL-1.0",
     "EPL-2.0",
     "EUPL-1.1",
     "EUPL-1.2",
     "gnuplot",
     "IPL-1.0",
     "LPPL-1.3a",
     "LPPL-1.2",
     "LPL-1.02",
     "MS-PL",
     "MS-RL",
     "MPL-1.1",
     "NOSL",
     "NPL-1.0",
     "NPL-1.1",
     "Nokia",
     "OpenSSL",
     "PHP-3.01",
     "QPL-1.0",
     "RPSL-1.0",
     "SISSL",
     "SPL-1.0",
     "xinetd",
     "YPL-1.1",
     "Zend-2.0",
     "Zimbra-1.3",
     "ZPL-1.1"
 ]
 # Lint level for licenses considered copyleft
 copyleft = "allow"
 # Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
 # * both - The license will be approved if it is both OSI-approved *AND* FSF
 # * either - The license will be approved if it is either OSI-approved *OR* FSF
 # * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
 # * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
 # * neither - This predicate is ignored and the default lint level is used
 allow-osi-fsf-free = "both"
 # Lint level used when no other predicates are matched
 # 1. License isn't in the allow or deny lists
 # 2. License isn't copyleft
 # 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
 default = "deny"
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.

@@ -166,21 +89,6 @@ highlight = "all"

 allow = [
     #{ name = "ansi_term", version = "=0.11.0" },
 ]
 # List of crates to deny
 deny = [
     # Each entry the name of a crate and a version range. If version is
     # not specified, all versions will be matched.
     #{ name = "ansi_term", version = "=0.11.0" },
     { name = "openssl-probe" },
     { name = "openssl-sys" },
     # Pinned crypto libs
     # See radicle-keystore @ 00f8fb6135f8e4cd097a48e6f0700e08ce4abb04
     { name = "chacha20poly1305", version = "> 0.9.0" },
     { name = "ed25519-zebra", version = "> 3.0.0" },
     { name = "curve25519-dalek", version = "> 3.2.1" },
     { name = "scrypt", version = "> 0.8.0" },
 ]
 # Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
     #{ name = "ansi_term", version = "=0.11.0" },

modified radicle-git-ext/git-ref-format/macro/Cargo.toml

@@ -13,7 +13,7 @@ proc-macro = true

 test = false
 [dependencies]
 proc-macro-error = "1.0.4"
 proc-macro-error2 = "2"
 quote = "1"
 syn = "2"

modified radicle-git-ext/git-ref-format/macro/src/lib.rs

@@ -4,12 +4,12 @@

 // Linking Exception. For full terms see the included LICENSE file.
 #[macro_use]
 extern crate proc_macro_error;
 extern crate proc_macro_error2;
 use std::convert::TryInto;
 use proc_macro::TokenStream;
 use proc_macro_error::abort;
 use proc_macro_error2::abort;
 use quote::quote;
 use syn::{parse_macro_input, LitStr};

modified radicle-surf/Cargo.toml

@@ -33,7 +33,7 @@ base64 = "0.21"

 log = "0.4"
 nonempty = "0.9"
 thiserror = "1.0"
 url = "2.5"
 url = "2.5.4"
 [dependencies.git2]
 version = "0.19"