diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml
index 949fbd2f..f4aad512 100644
--- a/.github/workflows/cargo.yml
+++ b/.github/workflows/cargo.yml
@@ -75,32 +75,11 @@ jobs:
 env:
 RUSTDOCFLAGS: -Dwarnings
- # cargo-deny:
- # name: cargo-deny
-
- # # TODO: remove this matrix when https://github.com/EmbarkStudios/cargo-deny/issues/324 is resolved
- # strategy:
- # fail-fast: false
- # matrix:
- # platform:
- # - aarch64-apple-ios
- # - aarch64-linux-android
- # - i686-pc-windows-gnu
- # - i686-pc-windows-msvc
- # - i686-unknown-linux-gnu
- # - wasm32-unknown-unknown
- # - x86_64-apple-darwin
- # - x86_64-apple-ios
- # - x86_64-pc-windows-gnu
- # - x86_64-pc-windows-msvc
- # - x86_64-unknown-linux-gnu
- # - x86_64-unknown-redox
-
- # runs-on: ubuntu-latest
- # steps:
- # - uses: actions/checkout@v6
- # - uses: EmbarkStudios/cargo-deny-action@v1
- # with:
- # command: check
- # log-level: error
- # arguments: --all-features --target ${{ matrix.platform }}
+ cargo-deny:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: EmbarkStudios/cargo-deny-action@v2
+ with:
+ command: check
+ arguments: --all-features
diff --git a/deny.toml b/deny.toml
index 864f8c20..b8a120e7 100644
--- a/deny.toml
+++ b/deny.toml
@@ -8,6 +8,7 @@
 # Note: running just `cargo deny check` without a `--target` can result in
 # false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
+[graph]
 targets = [
 { triple = "aarch64-apple-darwin" },
 { triple = "i686-pc-windows-gnu" },
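Review bot: The re-enabled `cargo-deny` job references both actions by mutable tag (`actions/checkout@v6`, `EmbarkStudios/cargo-deny-action@v2`), so the job that gates dependency advisories can itself change without any commit to this repository. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: EmbarkStudios/cargo-deny-action@<full-commit-sha> # v2`. The job also declares no `permissions:`; unless the workflow sets a restrictive default outside this hunk, add `permissions:` with `contents: read` under `cargo-deny:`, since the check only needs to read the checkout.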
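Review bot: The comment directly above the new `[graph]` header still says that running `cargo deny check` without `--target` can give false positives, yet the workflow change in this same commit now runs exactly that and depends on this `targets` list to restrict the graph. Update the comment so the next reader knows the list is load-bearing, for example `# CI runs cargo deny check without --target; the [graph] targets below define which platforms are checked.` The list continues outside the hunk, so whether it still covers every platform from the removed CI matrix (the iOS, Android, wasm32 and redox triples, for instance) cannot be confirmed from here. It is worth checking, because dependencies that exist only for an unlisted target are likely not evaluated for advisories.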
@@ -26,7 +27,14 @@ exclude = ["rand_core"]
 [advisories]
 yanked = "deny"
-ignore = []
+ignore = [
+ # DoS via stack exhaustion in time RFC 2822 parsing.
+ # Fix (>=0.3.47) requires Rust 1.88.0, our MSRV is 1.85.0.
+ # dimpl only uses OffsetDateTime::now_utc() and Duration::days() for
+ # certificate generation — no RFC 2822 parsing. A clippy disallowed-types
+ # rule prevents accidental introduction of Rfc2822.
+ "RUSTSEC-2026-0009",
+]
 [bans]
 multiple-versions = "deny"
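Review bot: The ignore entry for `RUSTSEC-2026-0009` has no removal condition, and its justification covers only dimpl's own calls into `time`. The clippy `disallowed-types` rule it cites is not part of this diff, and a lint in this crate would not stop another crate in the dependency graph from reaching the RFC 2822 parser, so it is worth confirming with `cargo tree -i time` that dimpl is the only dependent (the graph is not visible here). Add a line such as `# Remove once MSRV >= 1.88.0 permits time >= 0.3.47.` so the exception is revisited. Consider the table form `{ id = "RUSTSEC-2026-0009", reason = "..." }` so the rationale appears in cargo-deny's output rather than only in a comment.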