diff --git a/Cargo.toml b/Cargo.toml index 5023c3c1..a2db36b9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -103,6 +103,7 @@ strum = { version = "0.26", features = ["derive"] } # Index retrieval and querying tame-index = { version = "0.12", default-features = false, features = [ "git", + "local", "sparse", ] } # Timestamp emission diff --git a/examples/06_advisories/Cargo.lock b/examples/06_advisories/Cargo.lock index f65adb57..fcbc74ca 100644 --- a/examples/06_advisories/Cargo.lock +++ b/examples/06_advisories/Cargo.lock @@ -24,10 +24,10 @@ dependencies = [ "ammonia 0.7.0", "artifact_serde", "axum-core", + "const-cstr", "dirs", "failure", "lettre", - "libusb", "trust-dns-resolver", ] @@ -140,21 +140,6 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" -[[package]] -name = "bit-set" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6e1e6fb1c9e3d6fcdec57216a74eaa03e41f52a22f13a16438251d8e88b89da" -dependencies = [ - "bit-vec", -] - -[[package]] -name = "bit-vec" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" - [[package]] name = "bitflags" version = "1.2.1" @@ -206,6 +191,12 @@ dependencies = [ "bitflags", ] +[[package]] +name = "const-cstr" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed3d0b5ff30645a68f35ece8cea4556ca14ef8a1651455f789a099a0513532a6" + [[package]] name = "core-foundation" version = "0.9.1" @@ -599,27 +590,6 @@ version = "0.2.98" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790" -[[package]] -name = "libusb" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f990ddd929cbe53de4ecd6cf26e1f4e0c5b9796e4c629d9046570b03738aa53" -dependencies = [ - "bit-set", - "libc", - "libusb-sys", -] - -[[package]] -name = "libusb-sys" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c53b6582563d64ad3e692f54ef95239c3ea8069e82c9eb70ca948869a7ad767" -dependencies = [ - "libc", - "pkg-config", -] - [[package]] name = "linked-hash-map" version = "0.5.6" diff --git a/examples/06_advisories/Cargo.toml b/examples/06_advisories/Cargo.toml index e6f0d925..3ab03da8 100644 --- a/examples/06_advisories/Cargo.toml +++ b/examples/06_advisories/Cargo.toml @@ -24,9 +24,9 @@ dirs = "4.0" # Failure has an unsound advisory (and is unmaintained) failure = "=0.1.8" -# libusb is unmaintained -# https://github.com/RustSec/advisory-db/blob/5b35b71cf74eed58696aeeb5a764a9f0a66fe7ba/crates/libusb/RUSTSEC-2016-0004.toml -libusb = "0.3.0" +# const-cstr is unmaintained +# https://github.com/rustsec/advisory-db/blob/463e8405f85bb74eef17149f7e704b07723ce46e/crates/const-cstr/RUSTSEC-2023-0020.md +const-cstr = "0.3" # The advisory applies to 0.10.0-alpha.1 >= && < 0.10.0-alpha.4 # https://github.com/RustSec/advisory-db/blob/c71cfec8c3fe313c9445a9ab0ae9b7faedda850a/crates/lettre/RUSTSEC-2020-0069.md diff --git a/src/advisories/helpers/index.rs b/src/advisories/helpers/index.rs index 07860435..8490f18a 100644 --- a/src/advisories/helpers/index.rs +++ b/src/advisories/helpers/index.rs @@ -76,8 +76,8 @@ impl<'k> Indices<'k> { let cache = set .into_par_iter() .map(|(name, src)| { - let read_entry = || -> Result { - match indices + let read_entry = || -> Result { + let res = match indices .iter() .find_map(|(url, index)| (src == *url).then_some(index)) .ok_or_else(|| "unable to locate index".to_owned())? @@ -90,25 +90,21 @@ impl<'k> Indices<'k> { ) { Ok(Some(ik)) => { let yank_map = Self::load_index_krate(ik); - Ok(yank_map) + Entry::Map(yank_map) } - Ok(None) => { - Err("unable to locate index entry for crate".to_owned()) - } - Err(err) => Err(format!("{err:#}")), + Ok(None) => Entry::Error( + "unable to locate index entry for crate".to_owned(), + ), + Err(err) => Entry::Error(format!("{err:#}")), } } - Err(err) => Err(format!("{err:#}")), - } + Err(err) => Entry::Error(format!("{err:#}")), + }; + + Ok(res) }; - ( - (name, src), - match read_entry() { - Ok(ym) => Entry::Map(ym), - Err(err) => Entry::Error(err), - }, - ) + ((name, src), read_entry().unwrap_or_else(Entry::Error)) }) .collect(); diff --git a/src/bans.rs b/src/bans.rs index 48e817bc..14748865 100644 --- a/src/bans.rs +++ b/src/bans.rs @@ -115,8 +115,8 @@ impl TreeSkipper { krate_id: krates::NodeId, krates: &Krates, ) -> SkipRoot { - let (max_depth, reason) = ts.inner.map_or((std::usize::MAX, None), |inn| { - (inn.depth.unwrap_or(std::usize::MAX), inn.reason) + let (max_depth, reason) = ts.inner.map_or((usize::MAX, None), |inn| { + (inn.depth.unwrap_or(usize::MAX), inn.reason) }); let mut skip_crates = Vec::with_capacity(10); @@ -396,7 +396,7 @@ pub fn check( LintLevel::Allow => return, }; - let mut all_start = std::usize::MAX; + let mut all_start = usize::MAX; let mut all_end = 0; struct Dupe { diff --git a/src/cargo-deny/common.rs b/src/cargo-deny/common.rs index af365058..5760fdaa 100644 --- a/src/cargo-deny/common.rs +++ b/src/cargo-deny/common.rs @@ -25,6 +25,7 @@ pub struct KrateContext { pub offline: bool, /// If true, allows using the crates.io git index, otherwise the sparse index /// is assumed to be the only index + #[allow(dead_code)] pub allow_git_index: bool, pub exclude_dev: bool, } diff --git a/tests/test_data/non-crates-io/Cargo.toml b/tests/test_data/non-crates-io/Cargo.toml index f12e8fd3..aad346cb 100644 --- a/tests/test_data/non-crates-io/Cargo.toml +++ b/tests/test_data/non-crates-io/Cargo.toml @@ -4,5 +4,5 @@ version = "0.1.0" edition = "2021" [dependencies] -from-git = { package = "crate-one", registry = "embark-deny-git" } -from-sparse = { package = "crate-two", registry = "embark-deny-sparse" } +from-git = { version = "*", package = "crate-one", registry = "embark-deny-git" } +from-sparse = { version = "*", package = "crate-two", registry = "embark-deny-sparse" }