letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Update Cargo.lock and update cargo-deny exceptions

Browse Source
This commit is contained in:
Quentin Gliech
2024-05-02 14:16:40 +02:00
parent 87b0601091
commit 7e93f08ecd
5 changed files with 270 additions and 273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
deny.toml
View File

@@ -11,16 +11,9 @@ version = 2
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
ignore = [
# `wasmtime` depends on `mach`
# PR to migrate to `mach2`: https://github.com/bytecodealliance/wasmtime/pull/6164
"RUSTSEC-2020-0168",
# RSA key extraction "Marvin Attack". This is only relevant when using
# PKCS#1 v1.5 encryption, which we don't
"RUSTSEC-2023-0071",
# yaml-rust is unmaintained, and used by insta, which isn't a production dependency
"RUSTSEC-2024-0320",
]
[licenses]
@@ -65,15 +58,13 @@ skip = [
{ name = "base64", version = "0.21.7" }, # many dependencies depends on this old version
{ name = "spin", version = "0.5.2" }, # lazy_static and ring depends on the old version
{ name = "syn", version = "1.0.109" }, # sea-query, sqlx, schemars depend on the old version
{ name = "strsim", version = "0.10.0" }, # darling depends on the old version
{ name = "event-listener", version = "2.5.3" }, # async-channel (wiremock) and sqlx-core depend on the old version
{ name = "regex-syntax", version = "0.6.29" }, # tracing-subscriber[env-filter] -> matchers depends on the old version
{ name = "regex-automata", version = "0.1.10" }, # ^
{ name = "regex-automata", version = "0.2.0" }, # icu_list depends on this old version
{ name = "socket2", version = "0.4.10" }, # old hyper version depends on this old version
{ name = "indexmap", version = "1.9.3" }, # schemars depends on this old version
{ name = "object", version = "0.32.2" }, # sentry-backtrace depends on this old version
{ name = "itertools", version = "0.10.5" }, # wasmtime & others depends on the old version
{ name = "itertools", version = "0.11.0" },
{ name = "bitflags", version = "1.3.2" }, # axum depends on an old version
{ name = "hashbrown" }, # Too many versions :(
# sqlx uses old versions of those:
@@ -85,11 +76,13 @@ skip = [
{ name = "heck", version = "0.4.1" },
# we depend on old http/http-body/hyper versions, but some dependencies already upgraded
{ name = "http", version = "0.2.12" },
# sea-query-attr uses an old version of darling
{ name = "darling", version = "0.14.4" },
{ name = "darling_core", version = "0.14.4" },
{ name = "darling_macro", version = "0.14.4" },
]
skip-tree = [
{ name = "darling", version = "0.14.4", depth = 2 }, # sea-query-attr depends on an old version
]
skip-tree = []
# We should never enable the (default) `oldtime` feature of `chrono`
[[bans.features]]