topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Address review feedback on deny.toml and build.yml 

- Remove RUSTSEC-2026-0049 ignore (advisory not triggered in this repo)
- Shorten license allowlist to only licenses present in the dep tree
- Set multiple-versions to "allow" (transitive dups can't be resolved)
- Set wildcards to "deny" with allow-wildcard-paths = true
- Update cargo-deny-action pin to 175dc7fd (v2.0.16)
pull/6992/head
TriplEight 2 weeks ago
parent
33b0316995
commit
5bc2f1401f
No known key found for this signature in database GPG Key ID: 9E9B1BBD89CE29A1
2 changed files with 7 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .github/workflows/build.yml
  2. 24
      deny.toml

2
.github/workflows/build.yml
View File

@ -184,7 +184,7 @@ jobs:
- name: "cargo deny" - name: "cargo deny"
id: deny id: deny
if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }} if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 uses: EmbarkStudios/cargo-deny-action@175dc7fd4fb85ec8f46948fb98f44db001149081 # v2.0.16
# End Run cargo deny # End Run cargo deny

24
deny.toml
View File

@ -18,11 +18,6 @@ ignore = [
# wrapper around rustls-pki-types and pulled in transitively via rustls 0.21.x. # wrapper around rustls-pki-types and pulled in transitively via rustls 0.21.x.
# Removing it requires upstream crates to drop their rustls 0.21 dependency. # Removing it requires upstream crates to drop their rustls 0.21 dependency.
{ id = "RUSTSEC-2025-0134", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." }, { id = "RUSTSEC-2025-0134", reason = "Transitive via rustls 0.21.x compat chain; blocked on upstream upgrade." },
# CRL validation bug in rustls-webpki: fix requires >=0.103.10, but rustls-webpki
# 0.101.x is pinned by the rustls 0.21.x compatibility stack.
# Track upstream rustls upgrade to resolve both occurrences.
{ id = "RUSTSEC-2026-0049", reason = "rustls-webpki 0.101.x locked by rustls 0.21.x compat chain; track upstream rustls upgrade." },
] ]
# ============================================================================= # =============================================================================
@ -34,18 +29,13 @@ ignore = [
allow = [ allow = [
"0BSD", "0BSD",
"Apache-2.0", "Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-1-Clause",
"BSD-2-Clause",
"BSD-3-Clause", "BSD-3-Clause",
"BSL-1.0", # Boost Software License (ryu) "CC0-1.0",
"CDLA-Permissive-2.0", # Community Data License Agreement (webpki-roots) "CDLA-Permissive-2.0",
"ISC", "ISC",
"LGPL-2.1-or-later", # r-efi (Windows-only UEFI crate; dynamically linked)
"MIT", "MIT",
"MPL-2.0", # webauthn-rs crates (file-level copyleft, compatible) "MPL-2.0",
"Unicode-3.0", "Unicode-3.0",
"Unlicense",
"Zlib", "Zlib",
] ]
@ -59,11 +49,9 @@ ignore = true
[bans] [bans]
# Warn on duplicate versions; many arise from transitive deps and require # Warn on duplicate versions; many arise from transitive deps and require
# upstream changes to resolve. Promote to "deny" once the dep tree stabilises. # upstream changes to resolve. Promote to "deny" once the dep tree stabilises.
multiple-versions = "warn" multiple-versions = "allow"
# Warn on wildcard version requirements. "deny" would also flag internal wildcards = "deny"
# workspace path dependencies (macros = { path = "./macros" }), which have allow-wildcard-paths = true
# no version specifier by design, so "warn" is used instead.
wildcards = "warn"
highlight = "all" highlight = "all"
# ============================================================================= # =============================================================================

Write Preview
Loading…
Cancel
Save