cargo-denyの警告に対処
Closed this issue · 2 comments
KisaragiEffective commented
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:65:1
│
65 │ vulnerability = "deny"
│ ^^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:67:1
│
67 │ unmaintained = "warn"
│ ^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:73:1
│
73 │ notice = "warn"
│ ^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:101:1
│
101 │ unlicensed = "deny"
│ ^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:152:1
│
152 │ allow-osi-fsf-free = "neither"
│ ^^^^^^^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:145:1
│
145 │ copyleft = "deny"
│ ^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:157:1
│
157 │ default = "deny"
│ ^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:125:1
│
125 │ deny = [
│ ^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:22:1
│
22 │ targets = [
│ ^^^^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:42:1
│
42 │ all-features = false
│ ^^^^^^^^^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:45:1
│
45 │ no-default-features = false
│ ^^^^^^^^^^^^^^^^^^^
warning[deprecated]: this key has been moved to [output]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:54:1
│
54 │ feature-depth = 1
│ ^^^^^^^^^^^^^
warning[license-not-encountered]: license was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:110:6
│
110 │ "ISC",
│ ^^^ unmatched license allowance
warning[license-not-encountered]: license was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:118:6
│
118 │ "OpenSSL",
│ ^^^^^^^ unmatched license allowance
warning[duplicate]: found 2 duplicate entries for crate 'heck'
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:45:1
│
45 │ ╭ heck 0.4.1 registry+https://github.com/rust-lang/crates.io-index
46 │ │ heck 0.5.0 registry+https://github.com/rust-lang/crates.io-index
│ ╰────────────────────────────────────────────────────────────────^ lock entries
│
= heck v0.4.1
└── strum_macros v0.26.1
└── strum v0.26.2
└── reinventory-manager v0.2.1
= heck v0.5.0
└── clap_derive v4.5.4
└── clap v4.5.4
└── reinventory-manager v0.2.1
warning[duplicate]: found 2 duplicate entries for crate 'socket2'
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:96:1
│
96 │ ╭ socket2 0.4.9 registry+https://github.com/rust-lang/crates.io-index
97 │ │ socket2 0.5.5 registry+https://github.com/rust-lang/crates.io-index
│ ╰───────────────────────────────────────────────────────────────────^ lock entries
│
= socket2 v0.4.9
└── hyper v0.14.27
└── reqwest v0.11.27
└── reinventory-manager v0.2.1
= socket2 v0.5.5
└── tokio v1.36.0
├── h2 v0.3.24
│ ├── hyper v0.14.27
│ │ └── reqwest v0.11.27
│ │ └── reinventory-manager v0.2.1
│ └── reqwest v0.11.27 (*)
├── hyper v0.14.27 (*)
├── reinventory-manager v0.2.1 (*)
├── reqwest v0.11.27 (*)
└── tokio-util v0.7.3
└── h2 v0.3.24 (*)
error[vulnerability]: Degradation of service in h2 servers with CONTINUATION Flood
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:43:1
│
43 │ h2 0.3.24 registry+https://github.com/rust-lang/crates.io-index
│ --------------------------------------------------------------- security vulnerability detected
│
= ID: RUSTSEC-2024-0332
= Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0332
= An attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely.
This results in an increase in CPU usage.
Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
respond to legitimate requests, albeit with increased latency.
More details at "[https://seanmonstar.com/blog/hyper-http2-continuation-flood/.](https://seanmonstar.com/blog/hyper-http2-continuation-flood/)
Patches available for 0.4.x and 0.3.x versions.
= Solution: Upgrade to ^0.3.26 OR >=0.4.4 (try `cargo update -p h2`)
= h2 v0.3.24
├── hyper v0.14.27
│ └── reqwest v0.11.27
│ └── reinventory-manager v0.2.1
└── reqwest v0.11.27 (*)
warning[yanked]: detected yanked crate (try `cargo update -p hermit-abi`)
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:48:1
│
48 │ hermit-abi 0.3.1 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------------- yanked version
│
= hermit-abi v0.3.1
└── is-terminal v0.4.12
└── reinventory-manager v0.2.1
warning[advisory-not-detected]: advisory was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:78:6
│
78 │ "RUSTSEC-2020-0071",
│ ^^^^^^^^^^^^^^^^^ no crate matched advisory criteria
advisories FAILED, bans ok, licenses ok, sources ok
Error: Process completed with exit code 1.
KisaragiEffective commented
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:65:1
│
65 │ vulnerability = "deny"
│ ^^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:67:1
│
67 │ unmaintained = "warn"
│ ^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:73:1
│
73 │ notice = "warn"
│ ^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:101:1
│
101 │ unlicensed = "deny"
│ ^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:152:1
│
152 │ allow-osi-fsf-free = "neither"
│ ^^^^^^^^^^^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:145:1
│
145 │ copyleft = "deny"
│ ^^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:157:1
│
157 │ default = "deny"
│ ^^^^^^^
warning[deprecated]: this key will be removed in a future update, see https://github.com/EmbarkStudios/cargo-deny/pull/611 for details
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:125:1
│
125 │ deny = [
│ ^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:22:1
│
22 │ targets = [
│ ^^^^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:42:1
│
42 │ all-features = false
│ ^^^^^^^^^^^^
warning[deprecated]: this key has been moved to [graph]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:45:1
│
45 │ no-default-features = false
│ ^^^^^^^^^^^^^^^^^^^
warning[deprecated]: this key has been moved to [output]
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:54:1
│
54 │ feature-depth = 1
│ ^^^^^^^^^^^^^
warning[duplicate]: found 2 duplicate entries for crate 'heck'
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:39:1
│
39 │ ╭ heck 0.4.1 registry+https://github.com/rust-lang/crates.io-index
40 │ │ heck 0.5.0 registry+https://github.com/rust-lang/crates.io-index
│ ╰────────────────────────────────────────────────────────────────^ lock entries
│
= heck v0.4.1
└── strum_macros v0.26.1
└── strum v0.26.2
└── reinventory-manager v0.2.1
= heck v0.5.0
└── clap_derive v4.5.4
└── clap v4.5.4
└── reinventory-manager v0.2.1
warning[license-not-encountered]: license was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:116:6
│
116 │ "BSD-3-Clause",
│ ^^^^^^^^^^^^ unmatched license allowance
warning[license-not-encountered]: license was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:110:6
│
110 │ "ISC",
│ ^^^ unmatched license allowance
warning[license-not-encountered]: license was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:118:6
│
118 │ "OpenSSL",
│ ^^^^^^^ unmatched license allowance
warning[yanked]: detected yanked crate (try `cargo update -p hermit-abi`)
┌─ /home/runner/work/reinventory-manager/reinventory-manager/Cargo.lock:42:1
│
42 │ hermit-abi 0.3.1 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------------- yanked version
│
= hermit-abi v0.3.1
└── is-terminal v0.4.12
└── reinventory-manager v0.2.1
warning[advisory-not-detected]: advisory was not encountered
┌─ /home/runner/work/reinventory-manager/reinventory-manager/deny.toml:78:6
│
78 │ "RUSTSEC-2020-0071",
│ ^^^^^^^^^^^^^^^^^ no crate matched advisory criteria
advisories ok, bans ok, licenses ok, sources ok
KisaragiEffective commented
#408 で EmbarkStudios/cargo-deny#611 絡みの警告はすべて消える