chore: dependency maintenance

[chriswk]

No description provided.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

Cargo.lock

Package	Version	License	Issue Type
unleash-yggdrasil	0.13.2	Null	Unknown License

server/Cargo.toml

Package	Version	License	Issue Type
unleash-yggdrasil	>= 0.13.2, < 0.14.0	Null	Unknown License
redis	>= 0.27.0, < 0.28.0	Null	Unknown License
rustls	>= 0.23.13, < 0.24.0	Null	Unknown License

Denied Licenses: GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, MPL-2.0, AGPL-3.0

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
cargo/anyhow	1.0.89	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/20 approved changesets -- score normalized to 0 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clone_dyn_types	0.23.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 4 Found 4/9 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/iter_tools	0.21.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 4 Found 4/9 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/redis	0.27.2	Unknown	Unknown
cargo/rustls	0.23.13	Unknown	Unknown
cargo/rustls-webpki	0.102.8	Unknown	Unknown
cargo/serde	1.0.210	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_derive	1.0.210	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_json	1.0.128	🟢 6.9	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/shadow-rs	0.35.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/unleash-yggdrasil	0.13.2	Unknown	Unknown
cargo/anyhow	>= 1.0.89, < 2.0.0	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/20 approved changesets -- score normalized to 0 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/iter_tools	>= 0.21.0, < 0.22.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 4 Found 4/9 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/redis	>= 0.27.0, < 0.28.0	Unknown	Unknown
cargo/rustls	>= 0.23.13, < 0.24.0	Unknown	Unknown
cargo/serde	>= 1.0.210, < 2.0.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_json	>= 1.0.128, < 2.0.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/shadow-rs	>= 0.35.0, < 0.36.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/shadow-rs	>= 0.35.0, < 0.36.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/unleash-yggdrasil	>= 0.13.2, < 0.14.0	Unknown	Unknown

Scanned Manifest Files

Cargo.lock

• anyhow@1.0.89
• clone_dyn_types@0.23.0
• iter_tools@0.21.0
• redis@0.27.2
• rustls@0.23.13
• rustls-webpki@0.102.8
• serde@1.0.210
• serde_derive@1.0.210
• serde_json@1.0.128
• shadow-rs@0.35.0
• unleash-yggdrasil@0.13.2
• anyhow@1.0.86
• clone_dyn_types@0.22.0
• hostname@0.3.1
• iter_tools@0.20.0
• match_cfg@0.1.0
• redis@0.26.1
• rustls@0.23.12
• rustls-webpki@0.102.7
• serde@1.0.209
• serde_derive@1.0.209
• serde_json@1.0.127
• shadow-rs@0.33.0
• unleash-yggdrasil@0.13.0

server/Cargo.toml

• anyhow@>= 1.0.89, < 2.0.0
• iter_tools@>= 0.21.0, < 0.22.0
• redis@>= 0.27.0, < 0.28.0
• rustls@>= 0.23.13, < 0.24.0
• serde@>= 1.0.210, < 2.0.0
• serde_json@>= 1.0.128, < 2.0.0
• shadow-rs@>= 0.35.0, < 0.36.0
• shadow-rs@>= 0.35.0, < 0.36.0
• unleash-yggdrasil@>= 0.13.2, < 0.14.0
• anyhow@>= 1.0.86, < 2.0.0
• iter_tools@>= 0.20.0, < 0.21.0
• redis@>= 0.26.1, < 0.27.0
• rustls@>= 0.23.12, < 0.24.0
• serde@>= 1.0.209, < 2.0.0
• serde_json@>= 1.0.127, < 2.0.0
• shadow-rs@>= 0.33.0, < 0.34.0
• shadow-rs@>= 0.33.0, < 0.34.0
• unleash-yggdrasil@>= 0.13.0, < 0.14.0

[sighphyre]

LGTM