From aa02016e0ee4b7b59648ea73773b97e27db3ed7c Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Dec 2025 14:57:09 +0400 Subject: [PATCH 1/6] Fix cargo deny --- .github/workflows/code.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml index 107378d8c..461a9787a 100644 --- a/.github/workflows/code.yml +++ b/.github/workflows/code.yml @@ -156,7 +156,7 @@ jobs: util: - name: cargo deny download: > - curl -sSL "https://github.com/EmbarkStudios/cargo-deny/releases/download/0.14.24/cargo-deny-0.14.24-x86_64-unknown-linux-musl.tar.gz" | + curl -sSL "https://github.com/EmbarkStudios/cargo-deny/releases/download/0.18.9/cargo-deny-0.18.9-x86_64-unknown-linux-musl.tar.gz" | sudo tar -xzvf - -C /usr/local/bin --strip-components=1 run: cargo-deny check --hide-inclusion-graph --show-stats requiresRust: true From 854d983f3b027dc5a92e6214fada54b3b96936f3 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Dec 2025 15:00:56 +0400 Subject: [PATCH 2/6] Update cargo deny config --- deny.toml | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/deny.toml b/deny.toml index 823eaef37..838cb18db 100644 --- a/deny.toml +++ b/deny.toml @@ -1,3 +1,4 @@ +[graph] targets = [ # Host. { triple = "x86_64-unknown-linux-gnu", features = ["std"] }, @@ -9,14 +10,13 @@ targets = [ ] all-features = false no-default-features = true + +[output] feature-depth = 1 [advisories] -db-urls = ["https://github.com/rustsec/advisory-db"] -vulnerability = "deny" -unmaintained = "allow" +unmaintained = "workspace" yanked = "allow" -notice = "deny" ignore = [ # TODO(#1118): update the curve25519-dalek internal dependency to 4.1.3+ "RUSTSEC-2024-0344", @@ -41,7 +41,6 @@ ignore = [ ] [licenses] -unlicensed = "deny" allow = [ "MIT", "Apache-2.0", @@ -58,12 +57,12 @@ allow = [ "GPL-3.0 WITH Classpath-exception-2.0", "OpenSSL", ] -deny = [] -copyleft = "allow" -allow-osi-fsf-free = "neither" -default = "deny" confidence-threshold = 0.8 -exceptions = [{ allow = ["Unicode-DFS-2016"], name = "unicode-ident", version = "*" }] + +[[licenses.exceptions]] +allow = ["Unicode-DFS-2016"] +name = "unicode-ident" +version = "*" [[licenses.clarify]] name = "ring" @@ -81,14 +80,16 @@ highlight = "all" workspace-default-features = "allow" external-default-features = "allow" allow = [] -deny = [ - # Avoid using precompiled serde_derive. - { name = "serde_derive", version = "> 1.0.171, < 1.0.184" }, -] + features = [] skip = [] skip-tree = [] +[[bans.deny]] +name = "serde_derive" +version = "> 1.0.171, < 1.0.184" +reason = "Avoid using precompiled serde_derive." + [sources] unknown-registry = "deny" unknown-git = "deny" From a01e2a5ca48fc345afa4b1a7bd4492f7e7e9906d Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Dec 2025 15:06:28 +0400 Subject: [PATCH 3/6] Switch to pastey --- Cargo.lock | 10 ++++++++-- Cargo.toml | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0e7d0b106..dd2dacd4a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5849,7 +5849,7 @@ version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff32365de1b6743cb203b710788263c44a03de03802daf96092f2da4fe6ba4d7" dependencies = [ - "proc-macro-crate 1.1.3", + "proc-macro-crate 3.1.0", "proc-macro2", "quote", "syn 2.0.107", @@ -6253,7 +6253,7 @@ dependencies = [ "pallet-evm-system", "pallet-timestamp", "parity-scale-codec", - "paste", + "pastey", "scale-info", "sp-core", "sp-io", @@ -6756,6 +6756,12 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" +[[package]] +name = "pastey" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b867cad97c0791bbd3aaa6472142568c6c9e8f71937e98379f584cfb0cf35bec" + [[package]] name = "pbkdf2" version = "0.8.0" diff --git a/Cargo.toml b/Cargo.toml index 40aa883bc..81a639264 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -44,7 +44,7 @@ num-traits = { version = "0.2", default-features = false } num_enum = { version = "0.7", default-features = false } numtoa = { version = "0.2", default-features = false } once_cell = { version = "1", default-features = false } -paste = { version = "1.0", default-features = false } +paste = { version = "0.2", package = "pastey", default-features = false } proc-macro2 = { version = "1", default-features = false } qr2term = { version = "0.3", default-features = false } quote = { version = "1.0", default-features = false } From fc5a35f5b254d32f07ceec00f620ee64572e5168 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Dec 2025 15:09:13 +0400 Subject: [PATCH 4/6] Tweak licenses --- deny.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deny.toml b/deny.toml index 838cb18db..34aaa7749 100644 --- a/deny.toml +++ b/deny.toml @@ -51,10 +51,10 @@ allow = [ "0BSD", "CC0-1.0", "Unlicense", + "GPL-3.0-or-later WITH Classpath-exception-2.0", # To review: "MPL-2.0", - "GPL-3.0 WITH Classpath-exception-2.0", "OpenSSL", ] confidence-threshold = 0.8 From c31b00affa356a80f8be0ba234729a95ad02d439 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Dec 2025 15:14:00 +0400 Subject: [PATCH 5/6] Tweak cve ignores --- deny.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deny.toml b/deny.toml index 34aaa7749..65c5698be 100644 --- a/deny.toml +++ b/deny.toml @@ -38,6 +38,11 @@ ignore = [ "RUSTSEC-2025-0055", # TODO(#1648): update the wasmtime internal dependency to 24.0.5+ "RUSTSEC-2025-0118", + # TODO(#1648): update the wasmtime-debug internal dependency to 24.0.0 + "RUSTSEC-2024-0442", + # TODO(#1657): atty in unmaintained, it is used by sc-tracing so wait for + # an update from upstream. + "RUSTSEC-2021-0145", ] [licenses] From d3b141cd6d29ba2db8df64a95725298ddbd7ccf9 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Wed, 7 Jan 2026 10:14:09 +0400 Subject: [PATCH 6/6] Update features snapshot --- utils/checks/snapshots/features.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/checks/snapshots/features.yaml b/utils/checks/snapshots/features.yaml index 417d26b3b..a7fd0dca5 100644 --- a/utils/checks/snapshots/features.yaml +++ b/utils/checks/snapshots/features.yaml @@ -2143,6 +2143,8 @@ features: [] - name: paste 1.0.15 features: [] +- name: pastey 0.2.1 + features: [] - name: pbkdf2 0.12.2 features: - hmac