Upgrade cargo-deny (#1529)

svix-jplatte · web-flow · commit 33bc66945604 · 2024-11-20T17:12:11.000+01:00
diff --git a/.github/workflows/bridge-ci.yml b/.github/workflows/bridge-ci.yml
@@ -91,20 +91,3 @@ jobs:
     - name: Idle Test
       working-directory: bridge
       run: ./run-idle-test.sh
-
-
-#  deny-check:
-#    name: cargo-deny check
-#    runs-on: ubuntu-24.04
-#    continue-on-error: ${{ matrix.checks == 'advisories' }}
-#    strategy:
-#      matrix:
-#        checks:
-#          - advisories
-#          - bans licenses sources
-#    steps:
-#      - uses: actions/checkout@v4
-#      - uses: EmbarkStudios/cargo-deny-action@v1
-#        with:
-#          command: check ${{ matrix.checks }}
-#          arguments: --all-features --manifest-path axum/Cargo.toml
diff --git a/.github/workflows/bridge-security.yml b/.github/workflows/bridge-security.yml
@@ -24,6 +24,6 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           manifest-path: bridge/Cargo.toml
diff --git a/.github/workflows/rust-security.yml b/.github/workflows/rust-security.yml
@@ -19,6 +19,6 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           manifest-path: rust/Cargo.toml
diff --git a/.github/workflows/server-ci.yml b/.github/workflows/server-ci.yml
@@ -97,18 +97,3 @@ jobs:
 
     - name: Stop dependencies
       run: docker compose -f "server/testing-docker-compose.yml" down
-#  deny-check:
-#    name: cargo-deny check
-#    runs-on: ubuntu-24.04
-#    continue-on-error: ${{ matrix.checks == 'advisories' }}
-#    strategy:
-#      matrix:
-#        checks:
-#          - advisories
-#          - bans licenses sources
-#    steps:
-#      - uses: actions/checkout@v4
-#      - uses: EmbarkStudios/cargo-deny-action@v1
-#        with:
-#          command: check ${{ matrix.checks }}
-#          arguments: --all-features --manifest-path axum/Cargo.toml
diff --git a/.github/workflows/server-security.yml b/.github/workflows/server-security.yml
@@ -24,6 +24,6 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           manifest-path: server/Cargo.toml
diff --git a/deny.toml b/deny.toml
@@ -1,3 +1,4 @@
+[graph]
 targets = [
     { triple = "x86_64-pc-windows-gnu" },
     { triple = "x86_64-unknown-linux-musl" },
@@ -8,17 +9,15 @@ targets = [
 [advisories]
 db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
-vulnerability = "deny"
-unmaintained = "warn"
 yanked = "deny"
-notice = "warn"
 ignore = [
     # TODO: Update dependencies that use rsa crate
-    "RUSTSEC-2023-0071"
+    "RUSTSEC-2023-0071",
+    # TODO: Wait for dependencies to upgrade off of proc-macro-error
+    "RUSTSEC-2024-0370",
 ]
 
 [licenses]
-unlicensed = "deny"
 allow = [
     "Apache-2.0",
     "BSD-2-Clause",
@@ -31,10 +30,6 @@ allow = [
     "Unicode-DFS-2016",
     "CC0-1.0",
 ]
-deny = []
-copyleft = "deny"
-allow-osi-fsf-free = "neither"
-default = "deny"
 confidence-threshold = 0.8
 exceptions = [
     #{ allow = ["Zlib"], name = "adler32", version = "*" },
