diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index e88ea528..87b9ac64 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -5,5 +5,8 @@ jobs: cargo-deny: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: EmbarkStudios/cargo-deny-action@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: EmbarkStudios/cargo-deny-action@76cd80eb775d7bbbd2d80292136d74d39e1b4918 # v2.0.11 + with: + command: check + command-arguments: "--allow unmaintained --hide-inclusion-graph" diff --git a/deny.toml b/deny.toml index c9d06507..a7d3f75f 100644 --- a/deny.toml +++ b/deny.toml @@ -1,4 +1,15 @@ [advisories] +ignore = [ + # TODO: upgrade to ruint 1.17.1 + { id = "RUSTSEC-2025-0137", reason = "Unsoundness in reciprocal_mg10, which we do not use" }, + # TODO: replace paste with pastey + { id = "RUSTSEC-2024-0436", reason = "Use of unmaintained crate paste" }, + # TODO: replace instant with web-time + { id = "RUSTSEC-2024-0384", reason = "Use of unmaintained crate instant" }, + { id = "RUSTSEC-2025-0141", reason = "Use of unmaintained crate bincode" }, + { id = "RUSTSEC-2024-0388", reason = "Use of unmaintained crate derivative" } +] + [bans] multiple-versions = "warn" @@ -27,6 +38,8 @@ allow = [ "ISC", "Unicode-3.0", "CC0-1.0", + "CDDL-1.0", + ] exceptions = [ ] @@ -53,4 +66,4 @@ license-files = [{ path = "LICENSE", hash = 0x001c7e6c }] [[licenses.clarify]] crate = "rustls-webpki" expression = "ISC" -license-files = [{ path = "LICENSE", hash = 0x001c7e6c }] \ No newline at end of file +license-files = [{ path = "LICENSE", hash = 0x001c7e6c }] diff --git a/tools/cli/README.md b/tools/cli/README.md index 38f397fd..8703c33f 100644 --- a/tools/cli/README.md +++ b/tools/cli/README.md 
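Review bot: In the `.github/workflows/deny.yml` hunk, `--allow unmaintained` in `command-arguments` appears to relax every unmaintained-crate finding for the CI run, not only the four crates already listed under `[advisories] ignore` in `deny.toml`. If that reading is right, a future unmaintained advisory on any dependency would pass this job unnoticed. CI would also give a different result from a local `cargo deny check`, which only sees `deny.toml`. The scoped ignores already cover the known cases, so consider `command-arguments: "--hide-inclusion-graph"` and keep the policy in `deny.toml` alone.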
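Review bot: In the first `deny.toml` hunk, the RUSTSEC-2025-0137 ignore rests on the claim that `reciprocal_mg10` is not used, but the diff does not show how that was checked. This is an unsoundness advisory, and the function could still be reached through another dependency that calls into ruint. A comment recording the check would make the ignore auditable, e.g. `# verified <date>: no call sites in workspace or dependency tree; remove once ruint >= 1.17.1`. The bincode and derivative entries carry no TODO, unlike the other three, so nothing marks them for removal. A line such as `# TODO(<tracking-issue>): migrate off bincode` above each would keep the ignore list from becoming permanent.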
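Review bot: In the second `deny.toml` hunk, `"CDDL-1.0"` is added to the global `allow` list, which accepts this copyleft licence for every current and future dependency rather than only for the crate that needs it. The `exceptions` list just below appears empty in this hunk and is the narrower place for it: `exceptions = [{ allow = ["CDDL-1.0"], crate = "<crate-name>" }]`, with the crate name taken from the `cargo deny check licenses` output. The added blank line before the closing `]` can be dropped.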
@@ -24,7 +24,7 @@ You can also: You can run the RISC-V binary on the emulator, to see the expected outputs and number of used cycles. ``` -cargo run run --bin ../../examples/basic_fibonacci/app.bin +cargo run run --bin ../../examples/basic_fibonacci/app.bin ``` By default it will run for up to 1_000_000 cycles, but you can specify `--cycles` to set number of cycles manually.