Update crates (EmbarkStudios#362)

* Update crates and fix all clippy lints

* Fix typo

* Add docs about GFDL licenses

* Fix deny config

* Update SPDX license list version

Cargo.toml

@@ -45,7 +45,7 @@ atty = "0.2"
 # Used to track various things during check runs
 bitvec = { version = "0.22", features = ["alloc"] }
 # Allows us to do eg cargo metadata operations without relying on an external cargo
-cargo = { version = "0.54", optional = true }
+cargo = { version = "0.55", optional = true }
 # Timey wimey stuff
 chrono = "0.4"
 # Used for diagnostic reporting
@@ -80,7 +80,7 @@ serde_json = "1.0"
 # Avoid some heap allocations when we likely won't need them
 smallvec = "1.6"
 # Used for parsing and checking SPDX license expressions
-spdx = "0.5"
+spdx = "0.6"
 # Handles all of the argument parsing
 structopt = "0.3"
 # Deserialization of configuration files and crate manifests

README.md

@@ -6,7 +6,7 @@
 [![Docs](https://img.shields.io/badge/The%20Book-📕-brightgreen.svg)](https://embarkstudios.github.io/cargo-deny/)
 [![API Docs](https://docs.rs/cargo-deny/badge.svg)](https://docs.rs/cargo-deny)
 [![Minimum Stable Rust Version](https://img.shields.io/badge/Rust-1.53.0-blue?color=fc8d62&logo=rust)](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html)
-[![SPDX Version](https://img.shields.io/badge/SPDX%20Version-3.11-blue.svg)](https://spdx.org/licenses/)
+[![SPDX Version](https://img.shields.io/badge/SPDX%20Version-3.14-blue.svg)](https://spdx.org/licenses/)
 [![dependency status](https://deps.rs/repo/github/EmbarkStudios/cargo-deny/status.svg)](https://deps.rs/repo/github/EmbarkStudios/cargo-deny)
 [![Build Status](https://github.com/EmbarkStudios/cargo-deny/workflows/CI/badge.svg)](https://github.com/EmbarkStudios/cargo-deny/actions?workflow=CI)
 

deny.toml

@@ -26,17 +26,12 @@ deny = [
 skip = [
     # clap uses an older version of ansi_term
     { name = "ansi_term", version = "=0.11.0" },
-    # cfg-if reached 1.0 but many crates still depend on the 0.1 version
-    { name = "cfg-if", version = "=0.1.10" },
     # cargo uses crypto-hash, which uses an old version
     { name = "hex", version = "=0.3.2" },
     # im-rc, used by cargo, uses an old version of rand_core
     { name = "rand_core", version = "=0.5.1" },
-    # cargo uses an older version of semver
-    { name = "semver", version = "=0.10.0" },
-    { name = "semver-parser", version = "=0.7.0" },
-    # rustsec pulls in 0.11 via an old version of crates-index
-    { name = "semver", version = "=0.11.0" },
+    # askalono pulls in an ancient version of zstd that uses an outdated itertools
+    { name = "itertools", version = "=0.9.0" },
 ]
 
 [sources]

docs/src/checks/licenses/cfg.md

@@ -71,6 +71,24 @@ allow = [ "GPL-3.0" ]
 deny = [ "GPL-2.0" ]
 ```
 
+This gets worse with the GFDL licenses, which also have an `invariants` modifier. Before licenses are checked they are normalized to make them consistent for all licenses.
+
+Let's use [`GFDL-1.2`](https://spdx.org/licenses/GFDL-1.2-only.html) to show how license requirements are normalized.
+
+* `GFDL-1.2-invariants-only` => `GFDL-1.2-invariants`
+* `GFDL-1.2-invariants-or-later` => `GFDL-1.2-invariants+`
+* `GFDL-1.2-no-invariants-only` => `GFDL-1.2`
+* `GFDL-1.2-no-invariants-or-later` => `GFDL-1.2+`
+* `GFDL-1.2-only` => `GFDL-1.2`
+* `GFDL-1.2-or-later` => `GFDL-1.2+`
+
+So, for example, if you wanted to allow all version (1.1, 1.2, and 1.3), but only invariants for 1.3 you could use the following configuration.
+
+```ini
+[licenses]
+allow = [ "GFDL-1.1", "GFDL-1.2", "GFDL-1.3", "GFDL-1.3-variants"]
+```
+
 ### The `exceptions` field (optional)
 
 The license configuration generally applies to the entire crate graph, but this means that allowing any one license applies to all possible crates, even if only 1 crate actually uses that license. The `exceptions` field is meant to allow licenses only for particular crates, to make a clear distinction between licenses which you are fine with everywhere, versus ones which you want to be more selective about, and not have implicitly allowed in the future.

src/advisories.rs

@@ -22,7 +22,7 @@ where
     F: FnMut(serde_json::Value),
 {
     fn report(&mut self, report: serde_json::Value) {
-        self(report)
+        self(report);
     }
 }
 
@@ -105,7 +105,7 @@ pub fn check<R>(
                 }
 
                 let diag = ctx.diag_for_advisory(krate, i, advisory, versions, |index| {
-                    ignore_hits.as_mut_bitslice().set(index, true)
+                    ignore_hits.as_mut_bitslice().set(index, true);
                 });
 
                 sink.push(diag);

src/advisories/diags.rs

@@ -100,7 +100,7 @@ impl<'a> crate::CheckCtx<'a, super::cfg::ValidConfig> {
 
         if let Some(versions) = versions {
             if versions.patched().is_empty() {
-                notes.push("Solution: No safe upgrade is available!".to_owned())
+                notes.push("Solution: No safe upgrade is available!".to_owned());
             } else {
                 notes.push(format!(
                     "Solution: Upgrade to {}",
@@ -111,7 +111,7 @@ impl<'a> crate::CheckCtx<'a, super::cfg::ValidConfig> {
                         .collect::<Vec<_>>()
                         .as_slice()
                         .join(" OR ")
-                ))
+                ));
             }
         };
 

src/bans.rs

@@ -330,11 +330,11 @@ pub fn check(
                         let span = &ctx.krate_spans[dup];
 
                         if span.start < all_start {
-                            all_start = span.start
+                            all_start = span.start;
                         }
 
                         if span.end > all_end {
-                            all_end = span.end
+                            all_end = span.end;
                         }
 
                         let krate = &ctx.krates[dup];

src/bans/graph.rs

@@ -41,77 +41,12 @@ type Id = pg::graph::NodeIndex<u32>;
 #[derive(Debug)]
 pub enum Shape {
     r#box,
-    // polygon,
-    // ellipse,
-    // oval,
-    // circle,
-    // point,
-    // egg,
-    // triangle,
-    // plaintext,
-    // plain,
-    // diamond,
-    // trapezium,
-    // parallelogram,
-    // house,
-    // pentagon,
-    // hexagon,
-    // septagon,
-    // octagon,
-    // doublecircle,
-    // doubleoctagon,
-    // tripleoctagon,
-    // invtriangle,
-    // invtrapezium,
-    // invhouse,
-    // Mdiamond,
-    // Msquare,
-    // Mcircle,
-    // rect,
-    // rectangle,
-    // square,
-    // star,
-    // none,
-    // underline,
-    // cylinder,
-    // note,
-    // tab,
-    // folder,
-    // box3d,
-    // component,
-    // promoter,
-    // cds,
-    // terminator,
-    // utr,
-    // primersite,
-    // restrictionsite,
-    // fivepoverhang,
-    // threepoverhang,
-    // noverhang,
-    // assembly,
-    // signature,
-    // insulator,
-    // ribosite,
-    // rnastab,
-    // proteasesite,
-    // proteinstab,
-    // rpromoter,
-    // rarrow,
-    // larrow,
-    // lpromoter,
 }
 
 #[allow(non_camel_case_types)]
 #[derive(Debug)]
 pub enum Style {
-    // filled,
-    // invisible,
-    // diagonals,
     rounded,
-    // dashed,
-    // dotted,
-    // solid,
-    // bold,
 }
 
 struct NodeAttributes<'a> {
@@ -227,7 +162,7 @@ pub(crate) fn create_graph(
 
             for edge in graph.edges_directed(nid, pg::Direction::Incoming) {
                 if set.insert(edge.id()) {
-                    node_stack.push(edge.source())
+                    node_stack.push(edge.source());
                 }
             }
         }

src/cargo-deny/check.rs

@@ -237,7 +237,7 @@ pub(crate) fn cmd(
                     }
 
                     s.spawn(|_| {
-                        krate_spans = Some(cargo_deny::diag::KrateSpans::synthesize(krates))
+                        krate_spans = Some(cargo_deny::diag::KrateSpans::synthesize(krates));
                     });
                 });
             }

src/cargo-deny/fetch.rs

@@ -152,7 +152,7 @@ pub fn cmd(
                         .map(|dburl| dburl.take())
                         .collect(),
                     advisories::Fetch::Allow,
-                ))
+                ));
             });
         }
     });

src/cargo-deny/main.rs

@@ -1,26 +1,36 @@
-// BEGIN - Embark standard lints v0.3
+// BEGIN - Embark standard lints v0.4
 // do not change or add/remove here, but one can add exceptions after this section
 // for more info see: <https://github.com/EmbarkStudios/rust-ecosystem/issues/59>
 #![deny(unsafe_code)]
 #![warn(
     clippy::all,
     clippy::await_holding_lock,
+    clippy::char_lit_as_u8,
+    clippy::checked_conversions,
     clippy::dbg_macro,
     clippy::debug_assert_with_mut_call,
     clippy::doc_markdown,
     clippy::empty_enum,
     clippy::enum_glob_use,
+    clippy::exit,
+    clippy::expl_impl_clone_on_copy,
+    clippy::explicit_deref_methods,
     clippy::explicit_into_iter_loop,
+    clippy::fallible_impl_from,
     clippy::filter_map_next,
+    clippy::float_cmp_const,
     clippy::fn_params_excessive_bools,
     clippy::if_let_mutex,
+    clippy::implicit_clone,
     clippy::imprecise_flops,
     clippy::inefficient_to_string,
+    clippy::invalid_upcast_comparisons,
     clippy::large_types_passed_by_value,
     clippy::let_unit_value,
     clippy::linkedlist,
     clippy::lossy_float_literal,
     clippy::macro_use_imports,
+    clippy::manual_ok_or,
     clippy::map_err_ignore,
     clippy::map_flatten,
     clippy::map_unwrap_or,
@@ -29,26 +39,35 @@
     clippy::match_wildcard_for_single_variants,
     clippy::mem_forget,
     clippy::mismatched_target_os,
+    clippy::mut_mut,
+    clippy::mutex_integer,
     clippy::needless_borrow,
     clippy::needless_continue,
     clippy::option_option,
-    clippy::pub_enum_variant_names,
+    clippy::path_buf_push_overwrite,
+    clippy::ptr_as_ptr,
     clippy::ref_option_ref,
     clippy::rest_pat_in_fully_bound_structs,
+    clippy::same_functions_in_if_condition,
+    clippy::semicolon_if_nothing_returned,
     clippy::string_add_assign,
     clippy::string_add,
+    clippy::string_lit_as_bytes,
     clippy::string_to_string,
-    clippy::suboptimal_flops,
     clippy::todo,
+    clippy::trait_duplication_in_bounds,
     clippy::unimplemented,
     clippy::unnested_or_patterns,
     clippy::unused_self,
+    clippy::useless_transmute,
     clippy::verbose_file_reads,
+    clippy::zero_sized_map_values,
     future_incompatible,
     nonstandard_style,
     rust_2018_idioms
 )]
-// END - Embark standard lints v0.3
+// END - Embark standard lints v0.4
+#![allow(clippy::exit)]
 
 use anyhow::{bail, Context, Error};
 use std::path::PathBuf;

src/index.rs

@@ -199,7 +199,8 @@ impl Index {
             if self.opened[ind].is_none() {
                 match self.registries[ind].open_or_clone() {
                     Ok(bir) => {
-                        #[allow(unsafe_code)] // TODO: Can we get rid of this transmute?
+                        #[allow(unsafe_code, clippy::useless_transmute)]
+                        // TODO: Can we get rid of this transmute?
                         let bir = unsafe { std::mem::transmute::<_, BareIndexRepo<'static>>(bir) };
                         self.opened[ind] = Some(bir);
                     }

src/index/bare.rs

@@ -72,7 +72,8 @@ impl<'a> BareIndexRepo<'a> {
             let commit = repo.find_commit(head)?;
             let tree = commit.tree()?;
 
-            #[allow(unsafe_code)] // TODO: Can we get rid of this transmute?
+            // TODO: Can we get rid of this transmute?
+            #[allow(unsafe_code, clippy::useless_transmute)]
             unsafe {
                 std::mem::transmute::<git2::Tree<'_>, git2::Tree<'static>>(tree)
             }