Skip to content

Add `cargo deny`

pinkforest requested to merge pinkforest/arti:add-cargo-deny into main

Adds cargo deny configuration advisories ok, bans ok, licenses ok, sources ok

Warnings encountered

warning[duplicate]: found 2 duplicate entries for crate 'bitflags'
warning[duplicate]: found 2 duplicate entries for crate 'block-buffer'
warning[duplicate]: found 2 duplicate entries for crate 'curve25519-dalek'
warning[duplicate]: found 2 duplicate entries for crate 'darling'
warning[duplicate]: found 2 duplicate entries for crate 'darling_core'
warning[duplicate]: found 2 duplicate entries for crate 'darling_macro'
warning[duplicate]: found 2 duplicate entries for crate 'der'
warning[duplicate]: found 2 duplicate entries for crate 'digest'
warning[duplicate]: found 2 duplicate entries for crate 'getrandom'
warning[duplicate]: found 2 duplicate entries for crate 'hashbrown'
warning[duplicate]: found 3 duplicate entries for crate 'hermit-abi'
warning[duplicate]: found 2 duplicate entries for crate 'humantime'
warning[duplicate]: found 2 duplicate entries for crate 'idna'
warning[duplicate]: found 2 duplicate entries for crate 'libm'
warning[duplicate]: found 2 duplicate entries for crate 'miniz_oxide'
warning[duplicate]: found 2 duplicate entries for crate 'pem-rfc7468'
warning[duplicate]: found 2 duplicate entries for crate 'pkcs8'
warning[duplicate]: found 2 duplicate entries for crate 'rand'
warning[duplicate]: found 2 duplicate entries for crate 'rand_chacha'
warning[duplicate]: found 2 duplicate entries for crate 'rand_core'
warning[duplicate]: found 2 duplicate entries for crate 'redox_syscall'
warning[duplicate]: found 2 duplicate entries for crate 'regex-syntax'
warning[duplicate]: found 2 duplicate entries for crate 'sha2'
warning[duplicate]: found 2 duplicate entries for crate 'signature'
warning[duplicate]: found 2 duplicate entries for crate 'spki'
warning[duplicate]: found 2 duplicate entries for crate 'syn'
warning[duplicate]: found 2 duplicate entries for crate 'toml'
warning[duplicate]: found 2 duplicate entries for crate 'untrusted'
warning[duplicate]: found 2 duplicate entries for crate 'wasi'
warning[duplicate]: found 3 duplicate entries for crate 'windows-sys'
warning[duplicate]: found 2 duplicate entries for crate 'windows-targets'
warning[duplicate]: found 2 duplicate entries for crate 'windows_aarch64_gnullvm'
warning[duplicate]: found 2 duplicate entries for crate 'windows_aarch64_msvc'
warning[duplicate]: found 2 duplicate entries for crate 'windows_i686_gnu'
warning[duplicate]: found 2 duplicate entries for crate 'windows_i686_msvc'
warning[duplicate]: found 2 duplicate entries for crate 'windows_x86_64_gnu'
warning[duplicate]: found 2 duplicate entries for crate 'windows_x86_64_gnullvm'
warning[duplicate]: found 2 duplicate entries for crate 'windows_x86_64_msvc'
warning[unsound]: Potential unaligned read
warning[unmaintained]: `users` crate is unmaintained

That unaligned read soundness issue is about atty - it will go away with clap 4 as it was moved to using is_terminal

The duplicated dependencies are just diff SemVer incompat versions via dependency tree separate places e.g.:

bitflags@1.3.2 & 2.3.1 block-buffer@0.9.0, 0.10.4 ..

curve25519-dalek seems to got 3.2.0 duplicate via ed25519-dalek -

That can be bumped to synced rc.2 to get rid of this dup:

$ cargo tree -i curve25519-dalek@3.2.0
curve25519-dalek v3.2.0
��������� ed25519-dalek v1.0.1
���   ��������� tor-llcrypto v0.5.1 (/home/tdev/code/arti/crates/tor-llcrypto)
Edited by pinkforest

Merge request reports