[PR #6992] cargo deny #20717

Open
opened 2026-04-25 22:41:25 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6992
Author: @TriplEight
Created: 3/22/2026
Status: 🔄 Open

Base: main ← Head: pr/3x8_cargo-deny


📝 Commits (4)

  • 097cb1d ci: add cargo-deny config for supply-chain checks.
  • baec66d ci: run cargo deny in build workflow
  • 33b0316 Merge branch 'main' of github.com:dani-garcia/vaultwarden into pr/3x8_cargo-deny
  • 5bc2f14 Address review feedback on deny.toml and build.yml

📊 Changes

2 files changed (+74 additions, -0 deletions)


📝 .github/workflows/build.yml (+11 -0)
deny.toml (+63 -0)

📄 Description

Add cargo-deny config for supply-chain checks.

Covers advisories (RustSec), license compliance, duplicate detection,
and source allowlist (crates.io only).

License allowlist reflects the full transitive dep tree: MIT, Apache-2.0,
ISC, BSD-*, 0BSD, Unlicense, Zlib, BSL-1.0, MPL-2.0, Unicode-3.0,
LGPL-2.1-or-later (r-efi, Windows-only), CDLA-Permissive-2.0 (webpki-roots).

Three known advisories are ignored:

  • RUSTSEC-2023-0071: rsa Marvin Attack, no upstream fix available
  • RUSTSEC-2025-0134: rustls-pemfile unmaintained, blocked on rustls upgrade
  • RUSTSEC-2026-0049: rustls-webpki CRL bug, fix blocked by rustls 0.21.x chain

Duplicate versions are warned rather than denied - all are transitive.

Run cargo deny in build workflow

Adds a cargo-deny step (EmbarkStudios/cargo-deny-action@v2)
after clippy and fmt, gated to the rust-toolchain matrix channel only.
Wires the outcome into the existing failure summary table.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

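The policy the description lays out (RustSec advisories with three ignores, a license allowlist with crate-scoped exceptions, duplicate versions as warnings, crates.io as the only source) written out as a deny.toml. This is an added illustration reconstructed from the description, not the 63-line file in the PR; the expansion of `BSD-*` into the 2- and 3-clause identifiers and the `reason` strings are assumptions.

```toml
# deny.toml for cargo-deny, reconstructed from the PR description (assumed layout,
# not the PR's own file). Run with: cargo deny check

[advisories]
db-urls = ["https://github.com/rustsec/advisory-db"]
# Advisories without an actionable fix yet. Keeping the reason next to the id
# makes the ignore list auditable and easy to prune once upstream fixes land.
ignore = [
  { id = "RUSTSEC-2023-0071", reason = "rsa Marvin Attack, no upstream fix available" },
  { id = "RUSTSEC-2025-0134", reason = "rustls-pemfile unmaintained, blocked on rustls upgrade" },
  { id = "RUSTSEC-2026-0049", reason = "rustls-webpki CRL bug, fix blocked by rustls 0.21.x chain" },
]

[licenses]
# Every crate in the transitive tree must satisfy one of these SPDX expressions.
# "BSD-*" in the description is assumed to mean the 2- and 3-clause variants.
allow = [
  "MIT", "Apache-2.0", "ISC", "BSD-2-Clause", "BSD-3-Clause", "0BSD",
  "Unlicense", "Zlib", "BSL-1.0", "MPL-2.0", "Unicode-3.0",
]
# Crate-scoped exceptions rather than global allows, so a new LGPL or CDLA
# dependency appearing elsewhere in the tree still fails the check.
exceptions = [
  { allow = ["LGPL-2.1-or-later"], crate = "r-efi" },          # Windows-only crate
  { allow = ["CDLA-Permissive-2.0"], crate = "webpki-roots" },
]

[bans]
# Duplicate versions are all transitive, so report them without failing the build.
multiple-versions = "warn"

[sources]
# Source allowlist: anything not from the crates.io index is rejected,
# including git dependencies and alternative registries.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
```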
GiteaMirror added the pull-request label 2026-04-25 22:41:25 -05:00

Reference: github-starred/vaultwarden#20717