blythe/conduwuit
blythe/conduwuit
1
0
Fork 0
mirror of https://github.com/girlbossceo/conduwuit.git synced 2025-03-14 18:55:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add cargo auditable for future use, ignore paste dependency being unmaintained for now

Browse source 
Signed-off-by: strawberry <june@girlboss.ceo>
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
strawberry 2025-03-08 13:52:56 -05:00 committed by June Clementine Strawberry
parent c8a730c29e
commit ef96e7afac
No known key found for this signature in database
3 changed files with 33 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
.cargo/audit.toml Normal file
View file

@ -0,0 +1,27 @@
[advisories]
ignore = ["RUSTSEC-2024-0436"] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
informational_warnings = [] # warn for categories of informational advisories
severity_threshold = "none" # CVSS severity ("none", "low", "medium", "high", "critical")
# Advisory Database Configuration
[database]
path = "~/.cargo/advisory-db" # Path where advisory git repo will be cloned
url = "https://github.com/RustSec/advisory-db.git" # URL to git repo
fetch = true # Perform a `git fetch` before auditing (default: true)
stale = false # Allow stale advisory DB (i.e. no commits for 90 days, default: false)
# Output Configuration
[output]
deny = ["warnings", "unmaintained", "unsound", "yanked"] # exit on error if unmaintained dependencies are found
format = "terminal" # "terminal" (human readable report) or "json"
quiet = false # Only print information on error
show_tree = true # Show inverse dependency trees along with advisories (default: true)
# Target Configuration
[target]
arch = ["x86_64", "aarch64"] # Ignore advisories for CPU architectures other than these
os = ["linux", "windows", "macos"] # Ignore advisories for operating systems other than these
[yanked]
enabled = true # Warn for yanked crates in Cargo.lock (default: true)
update_index = true # Auto-update the crates.io index (default: true)

2
engage.toml
View file

@ -63,7 +63,7 @@ script = "markdownlint --version"
[[task]] [[task]]
name = "cargo-audit" name = "cargo-audit"
group = "security" group = "security"
script = "cargo audit -D warnings -D unmaintained -D unsound -D yanked" script = "cargo audit --color=always -D warnings -D unmaintained -D unsound -D yanked"
[[task]] [[task]]
name = "cargo-fmt" name = "cargo-fmt"

8
flake.nix
View file

@ -144,18 +144,20 @@
toolchain toolchain
] ]
++ (with pkgsHost.pkgs; [ ++ (with pkgsHost.pkgs; [
engage
cargo-audit
# Required by hardened-malloc.rs dep # Required by hardened-malloc.rs dep
binutils binutils
cargo-audit
cargo-auditable
# Needed for producing Debian packages # Needed for producing Debian packages
cargo-deb cargo-deb
# Needed for CI to check validity of produced Debian packages (dpkg-deb) # Needed for CI to check validity of produced Debian packages (dpkg-deb)
dpkg dpkg
engage
# Needed for Complement # Needed for Complement
go go