diff --git a/earthly/rust/scripts/std_checks.py b/earthly/rust/scripts/std_checks.py
index 03068e20..b90ca537 100755
--- a/earthly/rust/scripts/std_checks.py
+++ b/earthly/rust/scripts/std_checks.py
@@ -90,7 +90,7 @@ def main():
 results.add(
 vendor_files_check.toml_diff_check("/stdcfgs/clippy.toml", "clippy.toml")
 )
- results.add(vendor_files_check.toml_diff_check("/stdcfgs/deny.toml", "deny.toml"))
+ results.add(vendor_files_check.toml_diff_check("/stdcfgs/deny.toml", "deny.toml", strict=False))
 # Check if the rust src is properly formatted.
 res = exec_manager.cli_run("cargo +nightly fmtchk ", name="Rust Code Format Check")
@@ -104,7 +104,7 @@ def main():
 results.add(exec_manager.cli_run("cargo machete", name="Unused Dependencies Check"))
 # Check if we have any supply chain issues with dependencies.
 results.add(
- exec_manager.cli_run("cargo deny check --exclude-dev -W vulnerability", name="Supply Chain Issues Check")
+ exec_manager.cli_run("cargo deny check --exclude-dev", name="Supply Chain Issues Check")
 )
 results.print()
diff --git a/earthly/rust/stdcfgs/deny.toml b/earthly/rust/stdcfgs/deny.toml
index 77f0259f..71104cf8 100644
--- a/earthly/rust/stdcfgs/deny.toml
+++ b/earthly/rust/stdcfgs/deny.toml
@@ -1,4 +1,4 @@
-# cspell: words msvc, wasip, RUSTSEC, rustls, libssh, reqwest, tinyvec, Leay, webpki
+# cspell: words msvc, wasip, rustls, libssh, reqwest, tinyvec, Leay, webpki
 [graph]
 # cargo-deny is really only ever intended to run on the "normal" tier-1 targets
@@ -16,11 +16,6 @@ targets = [
 [advisories]
 version = 2
-ignore = [
- { id = "RUSTSEC-2020-0168", reason = "`mach` is used by wasmtime and we have no control over that." },
- { id = "RUSTSEC-2021-0145", reason = "we don't target windows, and don't use a custom global allocator." },
- { id = "RUSTSEC-2024-0370", reason = "`proc-macro-error` is used by crates we rely on, we can't control what they use."},
-]
 [bans]
 multiple-versions = "warn"
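Review bot: The `strict=False` argument added to the `deny.toml` comparison carries no comment saying what a non-strict comparison still enforces, while the `clippy.toml` check just above it keeps the default. `toml_diff_check` is defined outside this diff, so it cannot be confirmed here whether non-strict mode only tolerates extra local entries or also tolerates changed values; if it is the latter, a project could presumably alter `unknown-git = "deny"` or `unknown-registry = "deny"` in its own copy and still pass. I would add a comment above the call such as `# deny.toml: projects may add their own advisory ignores and allow-git entries; keys present in the standard file must still match` and verify the helper behaves that way. `main()` starts and ends outside this hunk.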
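Review bot: After this removal `[advisories]` in `earthly/rust/stdcfgs/deny.toml` holds only `version = 2`, and nothing tells a consuming project where its exceptions now belong or that each one needs a justification. Together with the `-W vulnerability` flag dropped from the `cargo deny check` command in `std_checks.py`, a project that still pulls in the crates named in the removed reasons would presumably fail the supply-chain check until it adds its own entries. A short comment under `version = 2`, e.g. `# Advisory exceptions go in the project's own deny.toml; every entry needs an id and a reason.`, would keep the per-entry rationale the removed list had. The identical hunk in `examples/rust/deny.toml` needs the same comment.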
@@ -51,15 +46,6 @@ skip-tree = [
 unknown-registry = "deny"
 unknown-git = "deny"
-# List of URLs for allowed Git repositories
-allow-git = [
- "https://github.com/input-output-hk/catalyst-libs.git",
- "https://github.com/input-output-hk/catalyst-pallas.git",
- "https://github.com/input-output-hk/catalyst-mithril.git",
- "https://github.com/bytecodealliance/wasmtime",
- "https://github.com/aldanor/hdf5-rust",
-]
-
 [licenses]
 version = 2
 # Don't warn if a listed license isn't found
diff --git a/examples/rust/deny.toml b/examples/rust/deny.toml
index 77f0259f..71104cf8 100644
--- a/examples/rust/deny.toml
+++ b/examples/rust/deny.toml
@@ -1,4 +1,4 @@
-# cspell: words msvc, wasip, RUSTSEC, rustls, libssh, reqwest, tinyvec, Leay, webpki
+# cspell: words msvc, wasip, rustls, libssh, reqwest, tinyvec, Leay, webpki
 [graph]
 # cargo-deny is really only ever intended to run on the "normal" tier-1 targets
@@ -16,11 +16,6 @@ targets = [
 [advisories]
 version = 2
-ignore = [
- { id = "RUSTSEC-2020-0168", reason = "`mach` is used by wasmtime and we have no control over that." },
- { id = "RUSTSEC-2021-0145", reason = "we don't target windows, and don't use a custom global allocator." },
- { id = "RUSTSEC-2024-0370", reason = "`proc-macro-error` is used by crates we rely on, we can't control what they use."},
-]
 [bans]
 multiple-versions = "warn"
@@ -51,15 +46,6 @@ skip-tree = [
 unknown-registry = "deny"
 unknown-git = "deny"
-# List of URLs for allowed Git repositories
-allow-git = [
- "https://github.com/input-output-hk/catalyst-libs.git",
- "https://github.com/input-output-hk/catalyst-pallas.git",
- "https://github.com/input-output-hk/catalyst-mithril.git",
- "https://github.com/bytecodealliance/wasmtime",
- "https://github.com/aldanor/hdf5-rust",
-]
-
 [licenses]
 version = 2
 # Don't warn if a listed license isn't found
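Review bot: With `allow-git` removed from `earthly/rust/stdcfgs/deny.toml` and `unknown-git = "deny"` kept as context, the standard file now rejects every git-sourced dependency, yet nothing in this hunk says that each project must supply its own list or what may go in it. Because the `deny.toml` comparison in `std_checks.py` is now called with `strict=False`, it is worth confirming that a locally added `allow-git` list is the only divergence around these keys that passes, and that a local change to `unknown-git` or `unknown-registry` still fails the check. I would leave a comment where the removed block was, e.g. `# allow-git is project-specific: list exact repository URLs in the project's own deny.toml.` The same hunk is repeated in `examples/rust/deny.toml`.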