Commit 53536ce

Use cargo-deny to audit dependencies (#833)
The cargo-deny utility provides a convenient way to audit the proxy's dependency tree to audit security vulnerabilities & licensing. Furthermore, it helps detect whether we have multiple versions of a given dependency. This change adds a `deny.toml` that configures the project to detect all such issues and it adds a CI task that can help prevent us from regressing.

This change introduces a number of dependency updates to eliminate issues flagged by cargo-deny:

* `futures` has been updated to v0.3.9 to fix safety issues;
* `pin-project` has been updated to v1;
* `regex` has been updated to v1;
* `quickcheck` has been updated to v1, which caught minor issues in exp-backoff that have been fixed;

Furthermore, this change updates our github actions to use more recent versions of the base container image and updates actions/checkout to v2.
1 parent 3defe3d commit 53536ce

51 files changed

+399
-732
lines changed


.github/workflows/rust.yml

Lines changed: 24 additions & 8 deletions
@@ -9,37 +9,53 @@ on:
99
jobs:
1010
fmt:
1111
timeout-minutes: 5
12-
runs-on: ubuntu-18.04
12+
runs-on: ubuntu-latest
1313
container:
1414
image: docker://rust:1.49.0-buster
1515
steps:
16-
- uses: actions/checkout@v1
16+
- uses: actions/checkout@v2
1717
- run: rustup component add rustfmt
1818
- run: make check-fmt
1919

20+
audit:
21+
timeout-minutes: 5
22+
runs-on: ubuntu-latest
23+
strategy:
24+
matrix:
25+
checks:
26+
- advisories
27+
- bans licenses sources
28+
# Prevent sudden announcement of a new advisory from failing Ci.
29+
continue-on-error: ${{ matrix.checks == 'advisories' }}
30+
steps:
31+
- uses: actions/checkout@v2
32+
- uses: EmbarkStudios/cargo-deny-action@v1
33+
with:
34+
command: check ${{ matrix.checks }}
35+
2036
clippy:
2137
timeout-minutes: 5
22-
runs-on: ubuntu-18.04
38+
runs-on: ubuntu-latest
2339
container:
2440
image: docker://rust:1.49.0-buster
2541
steps:
26-
- uses: actions/checkout@v1
42+
- uses: actions/checkout@v2
2743
- run: rustup component add clippy
2844
- run: make lint
2945

3046
check:
3147
timeout-minutes: 15
32-
runs-on: ubuntu-18.04
48+
runs-on: ubuntu-latest
3349
container:
3450
image: docker://rust:1.49.0-buster
3551
steps:
36-
- uses: actions/checkout@v1
52+
- uses: actions/checkout@v2
3753
# Iterate through all subcrates to ensure each compiles indpendently.
3854
- run: for d in $(for toml in $(find . -name Cargo.toml) ; do echo ${toml%/*} ; done | sort -r ) ; do echo "# $d" ; (cd $d ; cargo check --all-targets) ; done
3955

4056
test:
4157
timeout-minutes: 15
42-
runs-on: ubuntu-18.04
58+
runs-on: ubuntu-latest
4359
steps:
44-
- uses: actions/checkout@v1
60+
- uses: actions/checkout@v2
4561
- run: make test
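
Review bot: `continue-on-error: ${{ matrix.checks == 'advisories' }}` in the new `audit` job means a newly published advisory against a pinned dependency never turns the commit red, so nobody is notified unless someone opens the job log; the comment above it explains the intent (not failing CI on a sudden advisory), but consider pairing it with a `schedule:` trigger so the `check advisories` run happens nightly and is visible as a failing workflow on its own, rather than being silently masked on every push. Minor: the comment reads `Ci` where the rest of the file would say `CI`. Also, `EmbarkStudios/cargo-deny-action@v1` is a third-party action pulled by a floating major tag; pinning it to a commit SHA would keep the audit step itself from being a moving supply-chain dependency in a job whose purpose is supply-chain auditing.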
