Upgrade cargo-deny (#114)

svix-jplatte · web-flow · commit 62e90196f909 · 2025-03-24T14:55:18.000+01:00
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -9,15 +9,17 @@ on:
       - main
     paths:
       - '**/Cargo.toml'
-      - '.github/workflows/rust-security.yml'
+      - 'deny.toml'
+      - '.github/workflows/security.yml'
   pull_request:
     paths:
       - '**/Cargo.toml'
-      - '.github/workflows/rust-security.yml'
+      - 'deny.toml'
+      - '.github/workflows/security.yml'
 
 jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
diff --git a/deny.toml b/deny.toml
@@ -1,3 +1,4 @@
+[graph]
 targets = [
     { triple = "x86_64-pc-windows-gnu" },
     { triple = "x86_64-unknown-linux-musl" },
@@ -8,29 +9,22 @@ targets = [
 [advisories]
 db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
-vulnerability = "deny"
-unmaintained = "warn"
 yanked = "deny"
-notice = "warn"
-ignore = []
+ignore = [
+    # TODO: Wait for dependencies to upgrade off of paste
+    "RUSTSEC-2024-0436",
+]
 
 [licenses]
-unlicensed = "deny"
 allow = [
     "Apache-2.0",
     "BSD-2-Clause",
     "BSD-3-Clause",
     "ISC",
     "MIT",
     "MPL-2.0",
-    "OpenSSL",
     "Unicode-3.0",
-    "Unicode-DFS-2016",
 ]
-deny = []
-copyleft = "deny"
-allow-osi-fsf-free = "neither"
-default = "deny"
 confidence-threshold = 0.8
 exceptions = [
     #{ allow = ["Zlib"], name = "adler32", version = "*" },
