Skip to content

Fix deny.toml configuration for cargo-deny 2.0.13 compatibility#1614

Closed
Copilot wants to merge 3 commits intodependabot/github_actions/all-actions-be3d86f6abfrom
copilot/sub-pr-1604
Closed

Fix deny.toml configuration for cargo-deny 2.0.13 compatibility#1614
Copilot wants to merge 3 commits intodependabot/github_actions/all-actions-be3d86f6abfrom
copilot/sub-pr-1604

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Nov 4, 2025
edited
Loading

The deny.toml configuration file used deprecated format and fields, causing cargo-deny 2.0.13 to fail with multiple errors including error[unexpected-value]: expected '["all", "workspace", "transitive", "none"]' and error[deprecated]: this key has been removed.

Changes

  • Restructured configuration: Moved options to new section-based structure required by cargo-deny 2.0+
    • Created [graph] section for dependency graph options (targets, exclude, all-features, no-default-features)
    • Created [output] section for diagnostic output options (feature-depth)
  • Updated advisories section:
    • Changed unmaintained from lint level "warn" to scope value "workspace"
    • Removed deprecated fields: vulnerability, yanked, notice
  • Updated licenses section:
    • Removed deprecated fields: unlicensed, deny, copyleft, allow-osi-fsf-free, default
    • Kept only allow list with approved licenses

Behavior Preservation

  • unmaintained = "workspace" checks direct workspace dependencies for unmaintained status (similar to previous warning behavior)
  • License checking still enforces the same allow-list of approved licenses (MIT, Apache-2.0, BSD-3-Clause, Apache-2.0 WITH LLVM-exception, Unicode-DFS-2016)
  • Advisory checks continue with continue-on-error: true in the workflow to prevent blocking on new advisories

The configuration now uses cargo-deny 2.0.13's structure while maintaining equivalent behavior to the previous setup.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI self-assigned this Nov 4, 2025
Copilot AI mentioned this pull request Nov 4, 2025
Closed
@leighmcculloch
Fix deny.toml unmaintained config for cargo-deny 2.0.13
ad3bcb2 
Co-authored-by: leighmcculloch <351529+leighmcculloch@users.noreply.github.com>
Copilot AI changed the title [WIP] Bump the all-actions group with 6 updates Fix deny.toml configuration for cargo-deny 2.0.13 compatibility Nov 4, 2025
Copilot AI requested a review from leighmcculloch November 4, 2025 05:58
@leighmcculloch leighmcculloch marked this pull request as ready for review November 4, 2025 06:08
@leighmcculloch
Copy link
Copy Markdown
Member

leighmcculloch commented Nov 4, 2025

@copilot Fix the other ci failures in this pr.

@leighmcculloch
Update deny.toml for cargo-deny 2.0.13 compatibility
ba99e7b 
Co-authored-by: leighmcculloch <351529+leighmcculloch@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Nov 4, 2025

@copilot Fix the other ci failures in this pr.

Fixed in ba99e7b. Updated deny.toml to be compatible with cargo-deny 2.0.13 by:

  • Moving graph-related options (targets, exclude, all-features, no-default-features) to [graph] section
  • Moving feature-depth to [output] section
  • Removing deprecated lint level fields (vulnerability, yanked, notice) from [advisories] section
  • Removing deprecated fields (unlicensed, deny, copyleft, allow-osi-fsf-free, default) from [licenses] section

The configuration now uses the new cargo-deny 2.0+ structure while preserving the same behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leighmcculloch leighmcculloch Awaiting requested review from leighmcculloch

Assignees

@leighmcculloch leighmcculloch

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leighmcculloch