There are a bunch of dependencies in `Cargo.lock` that are related to
mysql. These are NOT compiled at all, and are also not part of `cargo
tree`. The reason for the inclusion is a bug in cargo:
https://github.com/rust-lang/cargo/issues/10801
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
We don't really need the color feature. Removing it has several
benifits:
- less dependencies
- one less MPL license
- no `atty` (only used by tests but has a security bug)
`time` 0.1 suffers from [RUSTSEC-2020-0071] and many upstream crates
have tried to remove it for years. The last dependency is
1. `chrono-english`
2. `chrono` (default features)
3. `chrono` (oldtime)
4. `time` 0.1
`chrono-english` doesn't seem to be super well maintained, but I
couldn't find a nice replacement for it. Luckily the master branch of
`chrono-english` is already fixed, so let's just directly use that.
[RUSTSEC-2020-0071]: https://rustsec.org/advisories/RUSTSEC-2020-0071
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
I just don't wanna rip out parts of our software stack because
someone gets cold feet.
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
XML parsing lib for the Azure SDK is unmaintained and reportedly
contains integer overflow / panic issues in the parsing functionality.
Low risk ignore as it is used when talking to Azure only. The Azure SDK
is in the progress of being removed as a dependency.
* ci: fix cargo deny
* chore: downgrade `socket2`, version 0.4.5 was yanked
* chore: rename `query` to `iox_query`
`query` is already taken on crates.io and yanked and I am getting tired
of working around that.
Adds a config file for cargo-deny[1] that runs the following checks:
* advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
* errors if a dependency has been "yanked" from crates.io
* errors if attempting to use OpenSSL as a dependency.
The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.
[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db
Marco Neumann
Carol (Nichols || Goulding)
Dom Dwyer
Andrew Lamb
Raphael Taylor-Davies
Jacob Marble