Cargo Deny Report

[lightsing]

We have some issues found by cargo-deny:

License Issues

• fastrlp v0.1.3 is GPL-3.0 licensed:
  • This is a dependency of ethers-core.
  • Solution: upgrade to fastrlp v0.3 is MPL-2.0 licensed.
• our crates are not licensed:
  • aggregator
  • halo2-base
  • halo2-ecc
  • halo2-gate-generator
  • halo2wrong
  • maingate
  • misc-precompiled-circuit
  • prover
  • snark-verifier
  • snark-verifier-sdk
  • testool

Unmaintained/Deprecated Dependencies Issues

• serde_cbor is unmaintained.
  • Solution: This is a dependency of criterion, upgrade criterion.
• dotenv is unmaintained #932
  • Solution: This is a dependency of prover, use dotenvy instead.
• hermit-abi v0.3.1 is yanked
  • Solution: cargo update -p hermit-abi

Dependencies with vulnerability issues

• rustls-webpki: CPU denial of service in certificate path building
  • This is a dependency of reqwest
  • Solution: Upgrade it.
• webpki: CPU denial of service in certificate path building
  • This is a dependency of reqwest and tokio-tungstenite
  • Solution: Upgrade them.
• time: Potential segfault in the time crate
  • Solution: cargo update -p time

[lispc]

we plan to upgrade ethers rs soon. Very likely fastrlp will be upgraded then.