Commit Graph

16 Commits (7b385600fd08165ab645b0cfe2fcd75bf47603f5)

Author SHA1 Message Date
Marco Neumann 004b401a05
chore: upgrade to sqlx 0.7.1 (#8266)
There are a bunch of dependencies in `Cargo.lock` that are related to
mysql. These are NOT compiled at all, and are also not part of `cargo
tree`. The reason for the inclusion is a bug in cargo:

https://github.com/rust-lang/cargo/issues/10801

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2023-07-19 12:18:57 +00:00
Marco Neumann c4d475cb86
chore: prune mockito dependencies (#7991)
We don't really need the color feature. Removing it has several
benifits:

- less dependencies
- one less MPL license
- no `atty` (only used by tests but has a security bug)
2023-06-14 10:33:30 +00:00
Carol (Nichols || Goulding) f7eb465ee6
fix: Add chrono-english to the cargo-deny config to avoid pulling it in again in the future 2023-05-01 11:31:42 -04:00
Marco Neumann 808a13cf40
chore: remove `time` 0.1 & fix RUSTSEC-2020-0071 (#7568)
`time` 0.1 suffers from [RUSTSEC-2020-0071] and many upstream crates
have tried to remove it for years. The last dependency is

1. `chrono-english`
2. `chrono` (default features)
3. `chrono` (oldtime)
4. `time` 0.1

`chrono-english` doesn't seem to be super well maintained, but I
couldn't find a nice replacement for it. Luckily the master branch of
`chrono-english` is already fixed, so let's just directly use that.

[RUSTSEC-2020-0071]: https://rustsec.org/advisories/RUSTSEC-2020-0071

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2023-04-17 12:36:10 +00:00
Marco Neumann 1185ced87a
chore: deny unknown and copyleft licenses (#7556)
I just don't wanna rip out parts of our software stack because
someone gets cold feet.

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2023-04-17 08:08:48 +00:00
Marco Neumann 3a1b16e890
chore: ignore `RUSTSEC-2022-0090` (#6983) 2023-02-14 15:12:11 +00:00
Dom Dwyer 6b090fae53
ci: whitelist RUSTSEC-2021-0145
atty is used by criterion and mockito, both dev-only dependencies.
2023-01-09 16:16:04 +01:00
Andrew Lamb 034d9b371d
chore: Update datafusion and arrow/arrow-flight/parquet to `26.0.0` (#6061)
* chore: Update datafusion and arrow/arrow-flight/parquet to `26.0.0`

* fix: Update query_functions

* fix: update for TimestampNanosecondArray API changes

* fix: update for TimestampNanosecondArray API changes

* chore: Update flatbuffers and remove rustsec warning

* chore: Update text

* fix: update more test

* fix: Lock ahash to exactly 0.8.0

* fix: Update datafusion pin

* chore: Run cargo hakari tasks

Co-authored-by: Carol (Nichols || Goulding) <carol.nichols@gmail.com>
Co-authored-by: CircleCI[bot] <circleci@influxdata.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2022-11-07 11:01:58 +00:00
Raphael Taylor-Davies 711ba77341
chore: update object_store to test IMDSv1 fallback (#5509)
* chore: update object_store to test IMDSv1 fallback

* chore: Run cargo hakari tasks

Co-authored-by: CircleCI[bot] <circleci@influxdata.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2022-08-30 12:31:49 +00:00
Dom Dwyer e752a707f8 revert: remove audit ignore for RUSTSEC-2022-0048
This reverts commit 227149e5b6.
2022-08-30 10:39:55 +02:00
Dom Dwyer 227149e5b6 ci: remove audit ignore for RUSTSEC-2022-0048
Now the Azure SDK is no longer a transitive dependency, we can remove
this audit override for xml-rs.
2022-08-29 14:06:51 +02:00
Dom Dwyer 130785977f ci: ignore RUSTSEC-2022-0048
XML parsing lib for the Azure SDK is unmaintained and reportedly
contains integer overflow / panic issues in the parsing functionality.

Low risk ignore as it is used when talking to Azure only. The Azure SDK
is in the progress of being removed as a dependency.
2022-08-29 13:47:04 +02:00
Jacob Marble bacd2ea470
chore: unsuppress a few security notifications (#4967)
Helps #2884

- RUSTSEC-2020-0159 (withdrawn)
- RUSTSEC-2021-0127 (cargo deny says this isn't needed)
- "query" (cargo deny says this isn't needed)

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2022-06-29 19:49:50 +00:00
Marco Neumann 7d16f57c85
ci: simplify cargo deny (#4640)
Taken from https://github.com/influxdata/object_store_rs/pull/5

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2022-05-19 09:51:15 +00:00
Marco Neumann 52346642a0
ci: fix cargo deny (#4629)
* ci: fix cargo deny

* chore: downgrade `socket2`, version 0.4.5 was yanked

* chore: rename `query` to `iox_query`

`query` is already taken on crates.io and yanked and I am getting tired
of working around that.
2022-05-18 09:38:35 +00:00
Dom Dwyer 16941d0900 ci: cargo-deny config
Adds a config file for cargo-deny[1] that runs the following checks:

    * advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
    * errors if a dependency has been "yanked" from crates.io
    * errors if attempting to use OpenSSL as a dependency.

The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.

[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db
2022-03-07 15:32:16 +00:00