Stream: git-wasmtime

Topic: wasmtime / PR #2519 Lint deps tree with cargo deny


view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:34):

lpil opened PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:35):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:42):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:50):

lpil submitted PR Review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:50):

lpil created PR Review Comment:

I'm compiling from crates.io here but alternatively I could download a precompiled binary from GitHub to make this run faster https://github.com/EmbarkStudios/cargo-deny/releases

This would mean that version upgrades require changing this file to get the newer binary, and there is no checksum to verify the binary with.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 11:52):

lpil has marked PR #2519 as ready for review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 12:14):

lpil edited PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

If this PR looks good I can open another one fixing these issues afterwards.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:31):

tschneidereit created PR Review Comment:

I think using the precompiled binary would be good. We could perhaps embed the hash from the current release here?

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:31):

tschneidereit submitted PR Review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:34):

lpil submitted PR Review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:34):

lpil created PR Review Comment:

Oh yes of course! I'll do this

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):

lpil created PR Review Comment:

I've just noticed that checksums are not checked for the other binaries being downloaded so I'll skip for now.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):

lpil submitted PR Review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:47):

lpil edited PR Review Comment.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:48):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

If this PR looks good I can open another one fixing these issues afterwards.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:51):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

If this PR looks good I can open another one fixing these issues afterwards.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:53):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

If this PR looks good I can open another one fixing these issues afterwards.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 13:56):

lpil updated PR #2519 from cargo-deny to main:

Hello everyone!

This PR adds configuration and a GitHub actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences

Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790

Currently there are multiple versions of these crates in the dep tree

One unmaintained crate is in the dep tree, dirs.

If this PR looks good I can open another one fixing these issues afterwards.

I don't know who should be the reviewer of this PR.

Thanks,
Louis

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 14:12):

lpil has marked PR #2519 as ready for review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 14:12):

lpil requested tschneidereit for a review on PR #2519.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 18:33):

pchickey submitted PR Review.

view this post on Zulip Wasmtime GitHub notifications bot (Dec 17 2020 at 18:33):

pchickey merged PR #2519.


Last updated: Dec 23 2024 at 13:07 UTC