Wasmtime GitHub notifications bot (Dec 17 2020 at 11:34): Wasmtime GitHub notifications bot (Dec 17 2020 at 11:34):lpil opened PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 11:35):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 11:42):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 11:50):lpil submitted PR Review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 11:50):lpil created PR Review Comment:
I'm compiling from crates.io here but alternatively I could download a precompiled binary from GitHub to make this run faster https://github.com/EmbarkStudios/cargo-deny/releases
This would mean that version upgrades require changing this file to get the newer binary, and there is no checksum to verify the binary with.
Wasmtime GitHub notifications bot (Dec 17 2020 at 11:52):lpil has marked PR #2519 as ready for review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 12:14):lpil edited PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:31):tschneidereit created PR Review Comment:
I think using the precompiled binary would be good. We could perhaps embed the hash from the current release here?
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:31):tschneidereit submitted PR Review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:34):lpil submitted PR Review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:34):lpil created PR Review Comment:
Oh yes of course! I'll do this
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):lpil created PR Review Comment:
I've just noticed that checksums are not checked for the other binaries being downloaded so I'll skip for now.
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):lpil submitted PR Review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):lpil edited PR Review Comment.
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:48):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:51):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:53):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 13:56):lpil updated PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree
ansi_termcfg-ifenv_loggergetrandomhumantimememoffsetwasmparserwastOne unmaintained crate is in the dep tree,
dirs.If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
Wasmtime GitHub notifications bot (Dec 17 2020 at 14:12):lpil has marked PR #2519 as ready for review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 14:12):lpil requested tschneidereit for a review on PR #2519.
Wasmtime GitHub notifications bot (Dec 17 2020 at 18:33):pchickey submitted PR Review.
Wasmtime GitHub notifications bot (Dec 17 2020 at 18:33):pchickey merged PR #2519.
Last updated: Nov 22 2024 at 16:03 UTC