Fix cargo deny in CI

The 0.14.12 release appears to have broken "-A duplicate". Fix by updating our checks to use the latest release/format. Also update iana-time-zone, which was yanked, and ignore safemem, which is only used when bundling.
2024-02-24 15:15:58 +07:00 · 2024-02-24 15:15:58 +07:00 · 1a7f8b4fdf
commit 1a7f8b4fdf
parent 6843d65ed1
5 changed files with 11 additions and 20 deletions
--- a/.buildkite/linux/entrypoint
+++ b/.buildkite/linux/entrypoint
@ -22,8 +22,8 @@ echo "--- Ensure libs importable"
 SKIP_RUN=1 ./run

 echo "--- Check Rust libs"
-cargo install cargo-deny
-cargo deny check -A duplicate
+cargo install cargo-deny --version 0.14.12
+cargo deny check

 echo "--- Cleanup"
 rm -rf /tmp/* || true
--- a/.deny.toml
+++ b/.deny.toml
@ -1,24 +1,15 @@
 # all-features = true
 # features = []
-no-default-features = false
-feature-depth = 1

 [advisories]
 db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
-vulnerability = "deny"
-unmaintained = "warn"
-yanked = "warn"
-notice = "warn"
 ignore = [
-
+  # safemem only used by makeapp
+  "RUSTSEC-2023-0081",
 ]

 [licenses]
-unlicensed = "deny"
-copyleft = "deny"
-allow-osi-fsf-free = "neither"
-default = "deny"
 allow = [
  "MIT",
  "Apache-2.0",
@ -54,10 +45,10 @@ unknown-git = "warn"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]

 [sources.allow-org]
-github = ["ankitects", "open-spaced-repetition"]
+github = ["ankitects"]

 [bans]
-multiple-versions = "warn"
+multiple-versions = "allow"
 wildcards = "allow"
 highlight = "all"
 workspace-default-features = "allow"
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2595,9 +2595,9 @@ dependencies = [

 [[package]]
 name = "iana-time-zone"
-version = "0.1.59"
+version = "0.1.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539"
+checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141"
 dependencies = [
 "android_system_properties",
 "core-foundation-sys",
--- a/cargo/licenses.json
+++ b/cargo/licenses.json
@ -1801,7 +1801,7 @@
  },
  {
    "name": "iana-time-zone",
-    "version": "0.1.59",
+    "version": "0.1.60",
    "authors": "Andrew Straw <strawman@astraw.com>|René Kijewski <rene.kijewski@fu-berlin.de>|Ryan Lopopolo <rjl@hyperbo.la>",
    "repository": "https://github.com/strawlab/iana-time-zone",
    "license": "Apache-2.0 OR MIT",
--- a/tools/minilints/src/main.rs
+++ b/tools/minilints/src/main.rs
@ -203,8 +203,8 @@ impl LintContext {
 }

 fn check_cargo_deny() -> Result<()> {
-    Command::run("cargo install cargo-deny@0.13.5")?;
-    Command::run("cargo deny check -A duplicate")?;
+    Command::run("cargo install cargo-deny@0.14.12")?;
+    Command::run("cargo deny check")?;
    Ok(())
 }