lpil opened PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub Actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences.
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree:
- ansi_term
- cfg-if
- env_logger
- getrandom
- humantime
- memoffset
- wasmparser
- wast
One unmaintained crate is in the dep tree, dirs.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
lpil updated PR #2519 from cargo-deny to main.
lpil updated PR #2519 from cargo-deny to main.
lpil submitted PR Review.
lpil created PR Review Comment:
I'm compiling from crates.io here, but alternatively I could download a precompiled binary from GitHub to make this run faster: https://github.com/EmbarkStudios/cargo-deny/releases
This would mean that version upgrades require changing this file to get the newer binary, and there is no checksum to verify the binary with.
lpil has marked PR #2519 as ready for review.
lpil edited PR #2519 from cargo-deny to main:
Hello everyone!
This PR adds configuration and a GitHub Actions workflow job to run cargo-deny, a tool that lints the dependency graph for security advisories, duplicate versions, and incompatible licences.
Preceding issue: https://github.com/bytecodealliance/wasmtime/issues/2225#issuecomment-746913790
Currently there are multiple versions of these crates in the dep tree:
- ansi_term
- cfg-if
- env_logger
- getrandom
- humantime
- memoffset
- wasmparser
- wast
One unmaintained crate is in the dep tree, dirs.
If this PR looks good I can open another one fixing these issues afterwards.
I don't know who should be the reviewer of this PR.
Thanks,
Louis
tschneidereit created PR Review Comment:
I think using the precompiled binary would be good. We could perhaps embed the hash from the current release here?
tschneidereit submitted PR Review.
lpil submitted PR Review.
lpil created PR Review Comment:
Oh yes, of course! I'll do this.
lpil created PR Review Comment:
I've just noticed that checksums are not checked for the other binaries being downloaded so I'll skip for now.
lpil submitted PR Review.
lpil edited PR Review Comment.
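The review exchange above weighs downloading a precompiled release binary against the lack of a checksum to verify it with. As an added example (not code from this PR or from the wasmtime workflow), this is one way a CI step can pin a downloaded artifact to a SHA-256 digest recorded in the repository before unpacking it; `DENY_URL`, `DENY_SHA256`, the function names and the assumption that the asset is a gzip tarball are all hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded release artifact against a pinned SHA-256.
# Both values below are placeholders to be filled in and reviewed in the repo.
DENY_URL="<release-asset-url>"            # placeholder, not a real asset path
DENY_SHA256="<sha256-of-release-asset>"   # placeholder, recorded at review time

# Print the lowercase hex SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed pin or missing file.
verify_sha256() {
    file=$1
    expected=$2
    # An empty, truncated or non-hex pin must never be treated as a match.
    case $expected in
        *[!0-9a-fA-F]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    fi
}

# install_pinned URL EXPECTED DESTDIR
# Download to a temp file, verify, and only then unpack (assumes a .tar.gz asset).
install_pinned() {
    url=$1; pin=$2; dest=$3
    tmp=$(mktemp) || return 2
    # --fail turns an HTTP error into a non-zero exit instead of a saved error page.
    if curl --fail --silent --show-error --location --output "$tmp" "$url" &&
       verify_sha256 "$tmp" "$pin"; then
        mkdir -p "$dest" && tar -xzf "$tmp" -C "$dest"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
# In CI: install_pinned "$DENY_URL" "$DENY_SHA256" "$HOME/.cargo/bin"
```

With the digest committed alongside the URL, a version upgrade becomes a reviewed two-line change, and a swapped or corrupted asset fails the job before anything from it is executed.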
lpil updated PR #2519 from cargo-deny to main.
lpil updated PR #2519 from cargo-deny to main.
lpil updated PR #2519 from cargo-deny to main.
lpil updated PR #2519 from cargo-deny to main.
lpil has marked PR #2519 as ready for review.
lpil requested tschneidereit for a review on PR #2519.
pchickey submitted PR Review.
pchickey merged PR #2519.
Last updated: Jan 24 2025 at 00:11 UTC