From f835fe4f5d33318bbee4f2185290cdda6fc2b3cc Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Thu, 4 Apr 2024 20:49:50 +0200 Subject: [PATCH 01/11] fix: remove `PartialEq` implementation from `JsonWebKey` fixes #95 --- src/jwk.rs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/jwk.rs b/src/jwk.rs index 828f7b7..bdfeada 100644 --- a/src/jwk.rs +++ b/src/jwk.rs @@ -68,6 +68,18 @@ pub use self::{ /// an abstract representation of all possible key types. The [`JsonWebKeyType`] /// enum is used to specialize on concrete key type. /// +/// # Comparison and equality +/// +/// It is not defined how to determine if a [`JsonWebKey`] is [equal](PartialEq) +/// to another. Therefore, [`JsonWebKey`] *does not* implement [`PartialEq`]. +/// If you want to compare a [`JsonWebKey`], you should either use something +/// like the [`kid`](JsonWebKey::key_id) parameter or a [`Thumbprint`] of +/// the key (or ideally, a [`Thumbprint`] as [`kid`](JsonWebKey::key_id)). +/// +/// You should *avoid* comparing the serialized form of a [`JsonWebKey`] as it +/// may contain optional parameters, which may not always be present and would +/// lead to unexpected results. +/// /// # Examples /// /// Parse a JsonWebKey from its json representation: @@ -184,7 +196,7 @@ pub use self::{ /// [RFC 7517]: /// [section 6 of RFC 7518]: /// [IANA `Json Web Key Parameters` registry]: -#[derive(Debug, PartialEq, Eq, Deserialize, Serialize, Clone)] +#[derive(Debug, Deserialize, Serialize, Clone)] pub struct JsonWebKey { /// Additional members in the JWK as permitted by the fourth paragraph of /// [section 4] From 8ee5370722c0e63ce594ad0ef3b8d0f40cc03b3b Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 15:18:41 +0100 Subject: [PATCH 02/11] chore: update tests to reflect missing PartialEq implementation --- tests/jwk.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/jwk.rs b/tests/jwk.rs index 327dee4..bb531ec 100644 
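Review bot: The new `# Comparison and equality` section in `src/jwk.rs` presents `kid` and a `Thumbprint` as interchangeable ways to compare keys. `kid` is a label chosen by whoever produced the JWK and is not derived from the key material, so two different keys can carry the same value. For any trust decision (pinning, matching against an allow-list) the text should point readers to the thumbprint and describe `kid` as a lookup hint, for example `/// A matching key ID only selects a candidate key; it does not prove that the key material is identical.` The derive hunk that follows removes a comparison that presumably covered private members too, so the docs could also say that callers who write their own comparison of secret keys should make it constant-time. The struct's doc comment starts and ends outside these hunks.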
--- a/tests/jwk.rs +++ b/tests/jwk.rs @@ -308,10 +308,10 @@ fn convert_to_public_key() { let public: JsonWebKey = serde_json::from_str(&public_json).unwrap(); let public_converted = private.clone().into_verifying_key(); - assert_eq!(public, public_converted); + assert_eq!(public.key_type(), public_converted.key_type()); let public_converted = private.strip_secret_material().unwrap(); - assert_eq!(public, public_converted); + assert_eq!(public.key_type(), public_converted.key_type()); } #[test] From b7ffa8568645e72f0c444a401d1a5f820b964563 Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 15:23:20 +0100 Subject: [PATCH 03/11] chore: update dependencies --- Cargo.lock | 187 ++++++++++++++++++++++++++--------------------------- Cargo.toml | 8 +-- 2 files changed, 96 insertions(+), 99 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6a600a9..9799829 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,30 +1,18 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 - -[[package]] -name = "ahash" -version = "0.8.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" -dependencies = [ - "cfg-if", - "once_cell", - "version_check", - "zerocopy", -] +version = 4 [[package]] name = "allocator-api2" -version = "0.2.16" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "autocfg" -version = "1.2.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "base16ct" 
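Review bot: Both replaced assertions in `convert_to_public_key` now compare only `key_type()`, so the test no longer checks that the rest of the JWK (key ID and other optional parameters) survives `into_verifying_key()` and `strip_secret_material()`. Whether it still proves that private members were removed depends on `key_type()` equality covering the key material, which is not visible in this hunk. Consider one more explicit check per conversion, such as `assert_eq!(public.key_id(), public_converted.key_id());`, assuming `key_id` is the accessor that the `JsonWebKey` docs link to. A thumbprint comparison would match what the new documentation recommends. The function body starts outside the hunk.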
@@ -67,9 +55,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3" dependencies = [ "libc", ] @@ -98,16 +86,15 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.2" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "digest", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -121,7 +108,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.96", ] [[package]] @@ -208,6 +195,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "equivalent" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" + [[package]] name = "ff" version = "0.13.0" @@ -220,9 +213,15 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.7" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "foldhash" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c007b1ae3abe1cb6f85a16305acd418b7ca6343b953633fee2b76d8f108b830f" +checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f" [[package]] name = "generic-array" 
@@ -238,9 +237,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -260,12 +259,13 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" dependencies = [ - "ahash", "allocator-api2", + "equivalent", + "foldhash", "serde", ] @@ -280,9 +280,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.11" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" +checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" [[package]] name = "jose" @@ -318,9 +318,9 @@ dependencies = [ [[package]] name = "k256" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "956ff9b67e26e1a6a866cb758f12c6f8746208489e3e4a4b5580802f2f0a587b" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" dependencies = [ "cfg-if", "ecdsa", 
@@ -330,24 +330,24 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ "spin", ] [[package]] name = "libc" -version = "0.2.153" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libm" -version = "0.2.8" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" [[package]] name = "mediatype" @@ -358,6 +358,12 @@ dependencies = [ "serde", ] +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + [[package]] name = "num-bigint-dig" version = "0.8.4" @@ -386,9 +392,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", 
@@ -397,20 +403,14 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", ] -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - [[package]] name = "ordered-float" version = "2.10.1" @@ -474,17 +474,14 @@ dependencies = [ "spki", ] -[[package]] -name = "platforms" -version = "3.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" - [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "primeorder" @@ -497,18 +494,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" dependencies = [ "proc-macro2", ] 
@@ -555,9 +552,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.6" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519" dependencies = [ "const-oid", "digest", @@ -575,18 +572,18 @@ dependencies = [ [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "sec1" @@ -605,15 +602,15 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.217" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70" dependencies = [ "serde_derive", ] 
@@ -630,22 +627,23 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.217" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.96", ] [[package]] name = "serde_json" -version = "1.0.115" +version = "1.0.137" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd" +checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -700,9 +698,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" @@ -716,9 +714,9 @@ dependencies = [ [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -733,9 +731,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.58" +version = "2.0.96" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80" dependencies = [ "proc-macro2", "quote", 
@@ -770,15 +768,15 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wasi" @@ -788,26 +786,27 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ + "byteorder", "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.96", ] [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/Cargo.toml b/Cargo.toml index 57233ca..b2bcd5a 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -11,14 +11,12 @@ std = ["signature/std", "thiserror-no-std/std", "rsa/std", "rand_core/std"] [dependencies] thiserror-no-std = "2.0.2" base64ct = { version = "1.5", default-features = false, features = ["alloc"] } -serde = { version = "1.0.139", default-features = false, features = [ +serde = { version = "1", default-features = false, features = [ "alloc", "derive", ] } -serde_json = { version = "1.0.50", default-features = false, features = [ - "alloc", -] } -hashbrown = { version = "0.14", features = ["serde"] } +serde_json = { version = "1", default-features = false, features = ["alloc"] } +hashbrown = { version = "0.15", features = ["serde"] } rand_core = { version = "0.6", features = ["getrandom", "alloc"] } hmac = { version = "0.12", default-features = false } sha1 = { version = "0.10", default-features = false, features = ["oid"] } From d4a6422d4e1655fdf2d6c20488895645cc1a3a16 Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 15:24:22 +0100 Subject: [PATCH 04/11] chore: fix clippy lints --- src/jwk/okp.rs | 1 - src/tagged_visitor.rs | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/jwk/okp.rs b/src/jwk/okp.rs index 2803788..8125c0e 100644 --- a/src/jwk/okp.rs +++ b/src/jwk/okp.rs @@ -45,7 +45,6 @@ pub mod curve448 { #[non_exhaustive] #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] #[serde(untagged)] - pub enum OkpPublic { /// `kty` is `OKP` and `crv` is either `Ed25519` or `X25519` Curve25519(Curve25519Public), diff --git a/src/tagged_visitor.rs b/src/tagged_visitor.rs index 393f83f..0b7f807 100644 --- a/src/tagged_visitor.rs +++ b/src/tagged_visitor.rs @@ -19,7 +19,7 @@ pub(crate) struct TaggedContentVisitor<'de, T> { _content: PhantomData<&'de [u8]>, } -impl<'de, T> TaggedContentVisitor<'de, T> { +impl TaggedContentVisitor<'_, T> { pub fn new(tag_name: &'static str, expecting: &'static str) -> Self { Self { tag_name, From aad659a391e213c69488c825ef7a68cdff762cf7 Mon Sep 17 00:00:00 2001 
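Review bot: The `serde` and `serde_json` requirements in the `Cargo.toml` hunk lose their lower bounds (`1.0.139` and `1.0.50` both become `1`), so the manifest now claims compatibility with every 1.x release. Downstream users resolve against the manifest rather than this repository's `Cargo.lock`, so they can end up on older releases than anything tested here, possibly ones where the `alloc`/`derive` features with `default-features = false` behave differently. Unless the wider range was verified, keep a tested floor, e.g. `serde = { version = "1.0.139", default-features = false, features = [` and `serde_json = { version = "1.0.50", default-features = false, features = ["alloc"] }`.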
From: Erik Tesar Date: Wed, 22 Jan 2025 15:30:32 +0100 Subject: [PATCH 05/11] fix: allow unused_qualifications lint in std because it is needed in no_std --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index a01c336..436b607 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -6,7 +6,6 @@ trivial_numeric_casts, unused_extern_crates, unused_import_braces, - unused_qualifications, explicit_outlives_requirements, clippy::missing_errors_doc )] @@ -19,6 +18,7 @@ )] #![forbid(unsafe_code)] #![cfg_attr(not(feature = "std"), no_std)] +#![cfg_attr(feature = "std", allow(unused_qualifications))] extern crate alloc; From d111b3d7e2fbf32776773742dbb516affe0f02cd Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 15:41:40 +0100 Subject: [PATCH 06/11] ci: remove outdated actions-rs --- .github/workflows/check.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index a222466..0495bf8 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -48,11 +48,7 @@ jobs: toolchain: ${{ matrix.toolchain }} components: clippy - name: cargo clippy - uses: actions-rs/clippy-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - args: --all-features -- -D warnings - + run: cargo clippy --all-features -- -D warnings doc: runs-on: ubuntu-latest name: nightly / doc @@ -106,7 +102,7 @@ jobs: # https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability strategy: matrix: - msrv: ["1.65"] + msrv: ["1.84"] name: ubuntu / ${{ matrix.msrv }} steps: - uses: actions/checkout@v4 From 6292c754aa062db6d6a85a75984a0c8ad3d097ef Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 16:02:29 +0100 Subject: [PATCH 07/11] ci: disable minimal semver version check because serde-json breaks it --- .github/workflows/test.yml | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) 
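Review bot: Removing `unused_qualifications` from the lint list in the first `src/lib.rs` hunk turns the lint off for every build, because it is allow-by-default in rustc. That makes the line added in the second hunk, `#![cfg_attr(feature = "std", allow(unused_qualifications))]`, a no-op. If the intent is what the commit title says, keep `unused_qualifications,` in the list and let the new `cfg_attr` line silence it only when `std` is enabled, so `no_std` builds are still checked. The attribute that holds the list opens above the hunk, so its lint level is not visible here.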
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 165523e..0b7e6ba 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,24 +32,25 @@ jobs: # https://github.com/rust-lang/cargo/issues/6669 - name: cargo test --doc run: cargo test --locked --all-features --doc - - minimal: - runs-on: ubuntu-latest - name: ubuntu / stable / minimal-versions - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Install stable - uses: dtolnay/rust-toolchain@stable - - name: Install nightly for -Zminimal-versions - uses: dtolnay/rust-toolchain@nightly - - name: rustup default stable - run: rustup default stable - - name: cargo update -Zminimal-versions - run: cargo +nightly update -Zminimal-versions - - name: cargo test - run: cargo test --locked --all-features --all-targets + # FIXME: enable again after memchr use in serde-json is fixed -> serde-json + # needs to correctly pin memchr + # minimal: + # runs-on: ubuntu-latest + # name: ubuntu / stable / minimal-versions + # steps: + # - uses: actions/checkout@v4 + # with: + # submodules: true + # - name: Install stable + # uses: dtolnay/rust-toolchain@stable + # - name: Install nightly for -Zminimal-versions + # uses: dtolnay/rust-toolchain@nightly + # - name: rustup default stable + # run: rustup default stable + # - name: cargo update -Zminimal-versions + # run: cargo +nightly update -Zminimal-versions + # - name: cargo test + # run: cargo test --locked --all-features --all-targets os-check: runs-on: ${{ matrix.os }} From 51af9f57e140c3dcd7b0d1347523a5b1facfc638 Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 16:20:25 +0100 Subject: [PATCH 08/11] ci: update to EmbarkStudios/cargo-deny-action@v2 --- .github/workflows/check.yml | 2 +- deny.toml | 260 ++++++++++++++++++++---------------- 2 files changed, 144 insertions(+), 118 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0495bf8..5e7be18 100644 
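Review bot: Commenting out the whole `minimal` job removes the check in this workflow that the version floors declared in `Cargo.toml` actually build. The `FIXME` names no upstream issue, so nothing tells a maintainer when the job can return. Keeping the job live but non-blocking preserves the signal: leave the steps as they were and add `continue-on-error: true` under `runs-on: ubuntu-latest`. The comment should carry the tracking link, e.g. `# FIXME(<upstream issue URL>): re-enable as blocking once serde-json pins memchr correctly`.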
--- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -77,7 +77,7 @@ jobs: with: submodules: true - name: cargo-deny - uses: EmbarkStudios/cargo-deny-action@v1 + uses: EmbarkStudios/cargo-deny-action@v2 with: command: check ${{ matrix.checks }} diff --git a/deny.toml b/deny.toml index f24245a..a985a58 100644 --- a/deny.toml +++ b/deny.toml 
@@ -1,43 +1,92 @@ -targets = [] +# This template contains all of the possible sections and their default values + +# Note that all fields that take a lint level have these possible values: +# * deny - An error will be produced and the check will fail +# * warn - A warning will be produced, but the check will not fail +# * allow - No warning or error will be produced, though in some cases a note +# will be + +# The values provided in this template are the default values that will be used +# when any section or field is not specified in your own configuration + +# Root options + +# The graph table configures how the dependency graph is constructed and thus +# which crates the checks are performed against +[graph] +# If 1 or more target triples (and optionally, target_features) are specified, +# only the specified targets will be checked when running `cargo deny check`. +# This means, if a particular package is only ever used as a target specific +# dependency, such as, for example, the `nix` crate only being used via the +# `target_family = "unix"` configuration, that only having windows targets in +# this list would mean the nix crate, as well as any of its exclusive +# dependencies not shared by any other crates, would be ignored, as the target +# list here is effectively saying which targets you are building for. +targets = [ + # The triple can be any string, but only the target triples built in to + # rustc (as of 1.40) can be checked against actual config expressions + #"x86_64-unknown-linux-musl", + # You can also specify which target_features you promise are enabled for a + # particular target. target_features are currently not validated against + # the actual valid features supported by the target architecture. 
+ #{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, +] +# When creating the dependency graph used as the source of truth when checks are +# executed, this field can be used to prune crates from the graph, removing them +# from the view of cargo-deny. This is an extremely heavy hammer, as if a crate +# is pruned from the graph, all of its dependencies will also be pruned unless +# they are connected to another crate in the graph that hasn't been pruned, +# so it should be used with care. The identifiers are [Package ID Specifications] +# (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html) +#exclude = [] +# If true, metadata will be collected with `--all-features`. Note that this can't +# be toggled off if true, if you want to conditionally enable `--all-features` it +# is recommended to pass `--all-features` on the cmd line instead +all-features = true +# If true, metadata will be collected with `--no-default-features`. The same +# caveat with `all-features` applies +no-default-features = false +# If set, these feature will be enabled when collecting metadata. If `--features` +# is specified on the cmd line they will take precedence over this option. +#features = [] + +# The output table provides options for how/if diagnostics are outputted +[output] +# When outputting inclusion graphs in diagnostics that include features, this +# option can be used to specify the depth at which feature edges will be added. +# This option is included since the graphs can be quite large and the addition +# of features from the crate(s) to all of the graph roots can be far too verbose. 
+# This option can be overridden via `--feature-depth` on the cmd line +feature-depth = 1 # This section is considered when running `cargo deny check advisories` # More documentation for the advisories section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html [advisories] -# The path where the advisory database is cloned/fetched into -db-path = "~/.cargo/advisory-db" +# The path where the advisory databases are cloned/fetched into +#db-path = "$CARGO_HOME/advisory-dbs" # The url(s) of the advisory databases to use -db-urls = ["https://github.com/rustsec/advisory-db"] -# The lint level for security vulnerabilities -vulnerability = "deny" -# The lint level for unmaintained crates -unmaintained = "warn" -# The lint level for crates that have been yanked from their source registry -yanked = "warn" -# The lint level for crates with security notices. Note that as of -# 2019-12-17 there are no security notice advisories in -# https://github.com/rustsec/advisory-db -notice = "warn" +#db-urls = ["https://github.com/rustsec/advisory-db"] # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. -ignore = [] -# Threshold for security vulnerabilities, any vulnerability with a CVSS score -# lower than the range specified will be ignored. Note that ignored advisories -# will still output a note when they are encountered. 
-# * None - CVSS Score 0.0 -# * Low - CVSS Score 0.1 - 3.9 -# * Medium - CVSS Score 4.0 - 6.9 -# * High - CVSS Score 7.0 - 8.9 -# * Critical - CVSS Score 9.0 - 10.0 -#severity-threshold = +ignore = [ + { id = "RUSTSEC-2023-0071", reason = "No fix available, see https://github.com/RustCrypto/RSA/issues/19 and https://github.com/RustCrypto/RSA/pull/394" }, + #"RUSTSEC-0000-0000", + #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, + #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish + #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, +] +# If this is true, then cargo deny will use the git executable to fetch advisory database. +# If this is false, then it uses a built-in git library. +# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support. +# See Git Authentication for more information about setting up git authentication. +#git-fetch-with-cli = true # This section is considered when running `cargo deny check licenses` # More documentation for the licenses section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html [licenses] -# The lint level for crates which do not have a detectable license -unlicensed = "deny" -# List of explictly allowed licenses +# List of explicitly allowed licenses # See https://spdx.org/licenses/ for list of possible licenses # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. allow = [ 
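Review bot: The new `ignore` entry for `RUSTSEC-2023-0071` in `[advisories]` silences the `rsa` timing side-channel advisory for every run, and nothing here records who is affected or when the exception should be revisited. Since `rsa` is a dependency of this crate (it appears in `Cargo.lock` and the `std` feature list), the exception should be paired with a note in the crate docs or README. That note should say RSA private-key operations are affected when an attacker can measure their timing. The `reason` should carry a review point, e.g. `reason = "No fix available as of <date>; re-check the linked RSA issues before each release"`. The same hunk also drops the explicit `vulnerability`, `unmaintained`, `yanked` and `notice` levels, so confirm that the defaults of the cargo-deny version used in CI are at least as strict as the old values.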
@@ -52,69 +101,6 @@ allow = [ # "ISC", # "CC0-1.0", ] -# List of explictly disallowed licenses -# See https://spdx.org/licenses/ for list of possible licenses -# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. -deny = [ - "AFL-1.1", - "AFL-1.2", - "AFL-2.0", - "AFL-2.1", - "AFL-3.0", - "AGPL-1.0", - "Apache-1.0", - "Apache-1.1", - "APSL-1.0", - "APSL-1.1", - "APSL-1.2", - "APSL-2.0", - "BSD-4-Clause", - "CDDL-1.0", - "CDDL-1.1", - "CPL-1.0", - "EPL-1.0", - "EPL-2.0", - "EUPL-1.0", - "EUPL-1.1", - "EUPL-1.2", - "IPL-1.0", - "LPPL-1.0", - "LPPL-1.1", - "LPPL-1.2", - "LPPL-1.3a", - "LPPL-1.3c", - "MS-PL", - "MS-RL", - "Nokia", - "OpenSSL", - "OSL-1.0", - "OSL-1.1", - "OSL-2.0", - "OSL-2.1", - "OSL-3.0", - "Python-2.0", - "QPL-1.0", - "SISSL", - "SISSL-1.2", - "Zend-2.0", - "ZPL-1.1", - "ZPL-2.0", - "ZPL-2.1", -] -# Lint level for licenses considered copyleft -copyleft = "allow" -# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses -# * both - The license will be approved if it is both OSI-approved *AND* FSF -# * either - The license will be approved if it is either OSI-approved *OR* FSF -# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF -# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved -# * neither - This predicate is ignored and the default lint level is used -allow-osi-fsf-free = "neither" -# Lint level used when no other predicates are matched -# 1. License isn't in the allow or deny lists -# 2. License isn't copyleft -# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither" -default = "deny" # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the # canonical license text of a valid SPDX license file. 
@@ -122,16 +108,18 @@ default = "deny" confidence-threshold = 0.8 # Allow 1 or more licenses on a per-crate basis, so that particular licenses # aren't accepted for every possible crate as with the normal allow list -exceptions = [] +exceptions = [ + # Each entry is the crate and version constraint, and its specific allow + # list + #{ allow = ["Zlib"], crate = "adler32" }, +] # Some crates don't have (easily) machine readable licensing information, # adding a clarification entry for it allows you to manually specify the # licensing information #[[licenses.clarify]] -# The name of the crate the clarification applies to -#name = "ring" -# The optional version constraint for the crate -#version = "*" +# The package spec the clarification applies to +#crate = "ring" # The SPDX expression for the license requirements of the crate #expression = "MIT AND ISC AND OpenSSL" # One or more files in the crate's source used as the "source of truth" for 
@@ -143,20 +131,19 @@ exceptions = [] # Each entry is a crate relative path, and the (opaque) hash of its contents #{ path = "LICENSE", hash = 0xbd0eed23 } #] -[[licenses.clarify]] -name = "encoding_rs" -version = "*" -expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause" -license-files = [{ path = "COPYRIGHT", hash = 0x39f8ad31 }] [licenses.private] # If true, ignores workspace crates that aren't published, or are only -# published to private registries +# published to private registries. +# To see how to mark a crate as unpublished (to the official registry), +# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field. ignore = false # One or more private registries that you might publish crates to, if a crate # is only published to private registries, and ignore is true, the crate will # not have its license(s) checked -registries = [] +registries = [ + #"https://sekretz.com/registry +] # This section is considered when running `cargo deny check bans`. # More documentation about the 'bans' section can be found here: 
@@ -165,33 +152,72 @@ registries = [] # Lint level for when multiple versions of the same crate are detected multiple-versions = "warn" # Lint level for when a crate version requirement is `*` -wildcards = "deny" +wildcards = "warn" # The graph highlighting used when creating dotgraphs for crates # with multiple versions # * lowest-version - The path to the lowest versioned duplicate is highlighted # * simplest-path - The path to the version with the fewest edges is highlighted # * all - Both lowest-version and simplest-path are used highlight = "all" +# The default lint level for `default` features for crates that are members of +# the workspace that is being checked. This can be overridden by allowing/denying +# `default` on a crate-by-crate basis if desired. +workspace-default-features = "warn" +# The default lint level for `default` features for external crates that are not +# members of the workspace. This can be overridden by allowing/denying `default` +# on a crate-by-crate basis if desired. +external-default-features = "allow" # List of crates that are allowed. Use with care! -allow = [] +allow = [ + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" }, +] # List of crates to deny deny = [ { name = "ring", version = "*" }, - # Each entry the name of a crate and a version range. If version is - # not specified, all versions will be matched. - #{ name = "ansi_term", version = "=0.11.0" }, - # + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" }, # Wrapper crates can optionally be specified to allow the crate when it # is a direct dependency of the otherwise banned crate - #{ name = "ansi_term", version = "=0.11.0", wrappers = [] }, + #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] }, ] + +# List of features to allow/deny +# Each entry the name of a crate and a version range. 
If version is +# not specified, all versions will be matched. +#[[bans.features]] +#crate = "reqwest" +# Features to not allow +#deny = ["json"] +# Features to allow +#allow = [ +# "rustls", +# "__rustls", +# "__tls", +# "hyper-rustls", +# "rustls", +# "rustls-pemfile", +# "rustls-tls-webpki-roots", +# "tokio-rustls", +# "webpki-roots", +#] +# If true, the allowed features must exactly match the enabled feature set. If +# this is set there is no point setting `deny` +#exact = true + # Certain crates/versions that will be skipped when doing duplicate detection. -skip = [] -# Similarly to `skip` allows you to skip certain crates during duplicate -# detection. Unlike skip, it also includes the entire tree of transitive +skip = [ + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" }, +] +# Similarly to `skip` allows you to skip certain crates during duplicate +# detection. Unlike skip, it also includes the entire tree of transitive # dependencies starting at the specified crate, up to a certain depth, which is -# by default infinite -skip-tree = [] +# by default infinite. +skip-tree = [ + #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies + #{ crate = "ansi_term@0.11.0", depth = 20 }, +] # This section is considered when running `cargo deny check sources`. # More documentation about the 'sources' section can be found here: @@ -210,9 +236,9 @@ allow-registry = ["https://github.com/rust-lang/crates.io-index"] allow-git = [] [sources.allow-org] -# 1 or more github.com organizations to allow git sources for +# github.com organizations to allow git sources for github = [] -# 1 or more gitlab.com organizations to allow git sources for +# gitlab.com organizations to allow git sources for gitlab = [] -# 1 or more bitbucket.org organizations to allow git sources for +# bitbucket.org organizations to allow git sources for bitbucket = [] 
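Review bot: `wildcards = "warn"` in this `[bans]` hunk downgrades wildcard version requirements from a failing check to a warning, so a `*` requirement no longer fails `cargo deny check bans`. Most of the rest of the hunk refreshes template comments, so this reads like a side effect of regenerating the file rather than a deliberate policy change; if so, keep `wildcards = "deny"`. If the relaxation is intended, record the reason beside it, e.g. `# warn only: <reason>`. The later deny.toml patch relaxes `workspace-default-features` in the same way, from `"warn"` to `"allow"`, with no reason given.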
From f54190c11de2d217ad8cd04f97db31a22f45cb0a Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 16:35:18 +0100 Subject: [PATCH 09/11] ci: modify deny.toml --- deny.toml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deny.toml b/deny.toml index a985a58..b07cc31 100644 --- a/deny.toml +++ b/deny.toml @@ -93,10 +93,13 @@ allow = [ "MIT", "Apache-2.0", # for unicode-ident crate - "Unicode-DFS-2016", + "Unicode-3.0", + #"Unicode-DFS-2016", # "Apache-2.0 WITH LLVM-exception", # "MPL-2.0", "BSD-3-Clause", + # For hashbrown dependency + "Zlib", # "BSD-2-Clause", # "ISC", # "CC0-1.0", @@ -162,7 +165,7 @@ highlight = "all" # The default lint level for `default` features for crates that are members of # the workspace that is being checked. This can be overridden by allowing/denying # `default` on a crate-by-crate basis if desired. -workspace-default-features = "warn" +workspace-default-features = "allow" # The default lint level for `default` features for external crates that are not # members of the workspace. This can be overridden by allowing/denying `default` # on a crate-by-crate basis if desired. From 5f5467d9088d1d4d9a31070340ad80a71b391005 Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 16:45:03 +0100 Subject: [PATCH 10/11] update Cargo.lock --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b7522bd..2291774 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -223,12 +223,6 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" -[[package]] -name = "foldhash" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f" - [[package]] name = "fluent-uri" version = "0.1.4" 
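Review bot: `"Zlib"` is added to the global license `allow` list in the first deny.toml hunk, which accepts that license for every crate in the graph although the comment ties it to a single dependency. The `exceptions` table in this file is meant for that case; a per-crate entry such as `{ allow = ["Zlib"], crate = "foldhash" }` keeps the global list minimal. `foldhash` is presumably the crate meant by "hashbrown dependency", given its entry in Cargo.lock, but confirm which crate actually carries the Zlib license. The `allow` array begins and ends outside the hunk.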
@@ -238,6 +232,12 @@ dependencies = [ "bitflags", ] +[[package]] +name = "foldhash" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f" + [[package]] name = "generic-array" version = "0.14.7" From 1065c080e0ee2c36afdf2100dc166d5e7749b9ea Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Wed, 22 Jan 2025 16:46:19 +0100 Subject: [PATCH 11/11] chore: update Cargo.lock --- src/uri.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/uri.rs b/src/uri.rs index 77ee193..bf38b9b 100644 --- a/src/uri.rs +++ b/src/uri.rs @@ -78,7 +78,7 @@ impl<'de> Deserialize<'de> for Uri { #[derive(Debug)] pub struct BorrowedUri<'s>(&'s fluent_uri::Uri<&'s str>); -impl<'s> BorrowedUri<'s> { +impl BorrowedUri<'_> { /// Turns this borrowed URI into an owned [`Uri`]. pub fn to_owned(&self) -> Uri { Uri(self.0.to_owned())