Skip to content

Run cargo deny check in Analyze job #2340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 29, 2025
Merged

Run cargo deny check in Analyze job #2340

merged 6 commits into from
Apr 29, 2025

Conversation

heaths
Copy link
Member

@heaths heaths commented Mar 14, 2025

No description provided.

@heaths heaths requested a review from hallipr March 14, 2025 23:31
@heaths
Copy link
Member Author

heaths commented Mar 14, 2025

@hallipr @RickWinter @LarryOsterman this is going to fail until we clean a few more things up. I got rid of some issues - mainly duplicates - when I got rid of http-types, but we still have ring popping up and iron oxide is causing a few dups as well, though it's not the end of the world. We should try to clean up as many possible.

I need to see if BSL-1.0 - the "Boost Software License" - is the same thing as the "Boot Software Code" license mentioned internally. I'll send @ronniegeraghty the internal link to track down.

heaths
heaths commented Mar 14, 2025
View reviewed changes
@heaths heaths linked an issue Mar 20, 2025 that may be closed by this pull request
Run cargo-deny in pipeline to check for violations before CG #2091
Closed
@heaths heaths added the EngSys This issue is impacting the engineering system. label Mar 20, 2025
@heaths
Update dependencies and remove ring dependency
b39e0ea 
The `reqwest_rustls` feature now enables `rustls-tls-native-roots-no-provider` instead of `rustls-tls-native-roots`, which removes the ring dependency.
@heaths heaths marked this pull request as ready for review April 28, 2025 23:17
@heaths
Copy link
Member Author

heaths commented Apr 28, 2025

This now removes the ring dependency, which wasn't obvious from the Cargo.lock file but once I incorporated cargo deny and started adding [[bans.features]] I was able to figure out that our reqwest_rustls could enable ring because we enabled the rustls-tls-native-roots instead of the rustls-tls-native-roots-no-provider feature, which requires configuring the cryptography provider if needed e.g., symcrypt.

@azure-sdk
Copy link
Collaborator

API change check

API changes are not detected in this pull request.

RickWinter
RickWinter approved these changes Apr 29, 2025
View reviewed changes
@heaths heaths enabled auto-merge (squash) April 29, 2025 17:02
@heaths heaths merged commit 74c9492 into Azure:main Apr 29, 2025
18 checks passed
@heaths heaths deleted the cargo-deny branch April 29, 2025 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hallipr hallipr hallipr approved these changes

@RickWinter RickWinter RickWinter approved these changes

@weshaggard weshaggard Awaiting requested review from weshaggard weshaggard is a code owner

@ronniegeraghty ronniegeraghty Awaiting requested review from ronniegeraghty ronniegeraghty is a code owner

@LarryOsterman LarryOsterman Awaiting requested review from LarryOsterman LarryOsterman is a code owner

Assignees
No one assigned
Labels
EngSys This issue is impacting the engineering system.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Run cargo-deny in pipeline to check for violations before CG
4 participants
@heaths @azure-sdk @hallipr @RickWinter