From a6324314de98982d9f31861b163ba1f220e62a0a Mon Sep 17 00:00:00 2001
From: Manuel Alonso <434575+manute@users.noreply.github.com>
Date: Sat, 22 Nov 2025 09:31:59 +0100
Subject: [PATCH 1/5] chore(release): speed up cargo-deny and fix advisores
---
 .github/workflows/release.yml | 12 ++++++++++--
 deny.toml | 5 ++---
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4b20a27..cca5aec 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,8 +36,16 @@ jobs:
 target
 key: cargo-cache-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
- - name: Install cargo-deny v0.17.0
- run: cargo install cargo-deny --version 0.17.0 --locked
+ - name: Install cargo-deny (fast)
+ uses: taiki-e/install-action@v2
+ with:
+ tool: cargo-deny
+
+ - name: Cache cargo-deny DB
+ uses: actions/cache@v4
+ with:
+ path: ~/.cargo/advisory-db
+ key: cargo-deny-advisory-db-${{ hashFiles('**/Cargo.toml') }}
 - name: Run CI checks
 run: |
diff --git a/deny.toml b/deny.toml
index d54bf37..4ade50c 100644
--- a/deny.toml
+++ b/deny.toml
@@ -21,6 +21,5 @@ unknown-registry = "deny"
 unknown-git = "deny"
 [advisories]
-unmaintained = "workspace"
-ignore = [
-]
+# Example: check for crates yanked or with security advisories
+warn-on = ["yanked", "security"]
\ No newline at end of file
From 745ba8656b3367676736ae62945634eb009d7f10 Mon Sep 17 00:00:00 2001
From: Manuel Alonso <434575+manute@users.noreply.github.com>
Date: Sat, 22 Nov 2025 09:34:35 +0100
Subject: [PATCH 2/5] chore(deny): key word
---
 deny.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deny.toml b/deny.toml
index 4ade50c..92af7ff 100644
--- a/deny.toml
+++ b/deny.toml
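Review bot: Both new steps in the release.yml hunk are looser than the step they replace: `taiki-e/install-action@v2` is a movable tag and `tool: cargo-deny` installs whatever version is current, whereas the removed step installed 0.17.0 with `--locked`. In a release workflow that lets a retagged action or a new cargo-deny release change what runs, and what the checks accept, without any commit in this repository. I would pin both, `uses: taiki-e/install-action@<full-commit-sha> # v2` (placeholder for the audited commit) and `tool: cargo-deny@0.17.0`. The cache key hashes only `**/Cargo.toml`, so it never changes when advisories do; that is harmless only while cargo-deny still fetches on every run, and it is worth confirming that `~/.cargo/advisory-db` is the directory the installed version actually writes to. The `Run CI checks` step continues outside the hunk.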
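Review bot: `warn-on` is not a key I know cargo-deny to accept under `[advisories]`, so the line added at the end of the deny.toml hunk probably configures nothing and may be rejected as an unexpected key; the same applies to the `"vulnerability"` spelling in patch 2/5 and to the top-level `[vulnerability]` and `[yanked]` tables added in patch 3/5. The hunk also drops `unmaintained = "workspace"` and the `ignore` list, which changes what the advisory check covers without the commit message saying so. If the intent is to fail on yanked crates, the setting I would expect is `yanked = "deny"` under `[advisories]`, with `unmaintained = "workspace"` kept to preserve the previous scope. The new last line is also written without a trailing newline.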
@@ -21,5 +21,5 @@ unknown-registry = "deny"
 unknown-git = "deny"
 [advisories]
-# Example: check for crates yanked or with security advisories
-warn-on = ["yanked", "security"]
\ No newline at end of file
+# Example: check for crates yanked or with security vulnerabilities
+warn-on = ["yanked", "vulnerability"]
\ No newline at end of file
From dba4a61517b4ef4fb55958bce274ab606e021b05 Mon Sep 17 00:00:00 2001
From: Manuel Alonso <434575+manute@users.noreply.github.com>
Date: Sat, 22 Nov 2025 09:36:58 +0100
Subject: [PATCH 3/5] chore(deny): keywords
---
 deny.toml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/deny.toml b/deny.toml
index 92af7ff..f139ac9 100644
--- a/deny.toml
+++ b/deny.toml
@@ -20,6 +20,11 @@ exceptions = [
 unknown-registry = "deny"
 unknown-git = "deny"
+[vulnerability]
+deny = ["*"]
+
+[yanked]
+deny = ["*"]
+
 [advisories]
-# Example: check for crates yanked or with security vulnerabilities
-warn-on = ["yanked", "vulnerability"]
\ No newline at end of file
+# optional: ignore certain advisories
\ No newline at end of file
From e0df6c4c6bf8c54b19672b4cbee855b681f9047c Mon Sep 17 00:00:00 2001
From: Manuel Alonso <434575+manute@users.noreply.github.com>
Date: Sat, 22 Nov 2025 09:44:13 +0100
Subject: [PATCH 4/5] chore(deny): empty advisores
---
 deny.toml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/deny.toml b/deny.toml
index f139ac9..d48d86e 100644
--- a/deny.toml
+++ b/deny.toml
@@ -20,6 +20,4 @@ exceptions = [
 unknown-registry = "deny"
 unknown-git = "deny"
-[vulnerability]
-deny = ["*"]
-
-[yanked]
-deny = ["*"]
-
 [advisories]
-# optional: ignore certain advisories
\ No newline at end of file
From 027350323121e2fab797445b51906e5ca085f684 Mon Sep 17 00:00:00 2001
From: Manuel Alonso <434575+manute@users.noreply.github.com>
Date: Sat, 22 Nov 2025 09:45:34 +0100
Subject: [PATCH 5/5] chore(deny): licenses
---
 deny.toml | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/deny.toml b/deny.toml
index d48d86e..80f57c0 100644
--- a/deny.toml
+++ b/deny.toml
@@ -3,17 +3,7 @@
 # We want really high confidence when inferring licenses from text
 confidence-threshold = 0.93
 allow = [
- "Apache-2.0",
- "Apache-2.0 WITH LLVM-exception",
- "MIT",
- "BSD-3-Clause",
- "ISC",
- "Unicode-3.0",
- "Zlib",
-]
-exceptions = [
- # Use exceptions for these as they only have a single user
- { allow = ["CDLA-Permissive-2.0"], crate = "webpki-roots" },
+ "MIT"
 ]
 [sources]
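Review bot: The `allow` list is cut to `"MIT"` and the `webpki-roots` exception is deleted with no reason given in the commit message or in the file, so a later reader cannot tell whether this is a deliberate policy or a leftover from debugging the release job. As far as the hunk shows, any dependency that carries `Unicode-3.0`, `ISC` or `CDLA-Permissive-2.0` terms without an MIT alternative would now fail the licence check, which tends to end with the check being skipped rather than the list being restored. I would either keep the previous entries or state the policy above the list, e.g. `# Policy: MIT only; any other licence needs an entry in exceptions with a reason`. The table header these keys belong to is outside the hunk.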