mirror of
https://github.com/deps-rs/deps.rs.git
synced 2024-11-22 10:26:30 +00:00
integrate rustsec database
This commit is contained in:
parent
c4337ae698
commit
f0442bbb3c
11 changed files with 337 additions and 50 deletions
185
Cargo.lock
generated
185
Cargo.lock
generated
|
@ -1,3 +1,8 @@
|
|||
[[package]]
|
||||
name = "antidote"
|
||||
version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "arrayvec"
|
||||
version = "0.4.7"
|
||||
|
@ -35,6 +40,15 @@ dependencies = [
|
|||
"rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.9.0"
|
||||
|
@ -192,6 +206,24 @@ name = "httparse"
|
|||
version = "1.2.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "hyper"
|
||||
version = "0.10.13"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"time 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hyper"
|
||||
version = "0.11.18"
|
||||
|
@ -216,6 +248,16 @@ dependencies = [
|
|||
"unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hyper-native-tls"
|
||||
version = "0.2.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hyper-tls"
|
||||
version = "0.1.2"
|
||||
|
@ -230,6 +272,16 @@ dependencies = [
|
|||
"tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "idna"
|
||||
version = "0.1.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "indexmap"
|
||||
version = "0.4.1"
|
||||
|
@ -320,6 +372,11 @@ dependencies = [
|
|||
"linked-hash-map 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "matches"
|
||||
version = "0.1.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "maud"
|
||||
version = "0.17.2"
|
||||
|
@ -343,6 +400,14 @@ dependencies = [
|
|||
"maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "mime"
|
||||
version = "0.2.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "mime"
|
||||
version = "0.3.5"
|
||||
|
@ -556,6 +621,20 @@ dependencies = [
|
|||
"winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "reqwest"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "route-recognizer"
|
||||
version = "0.1.12"
|
||||
|
@ -566,6 +645,16 @@ name = "rustc-demangle"
|
|||
version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "rustsec"
|
||||
version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rusttype"
|
||||
version = "0.4.1"
|
||||
|
@ -648,6 +737,11 @@ name = "semver-parser"
|
|||
version = "0.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "serde"
|
||||
version = "0.9.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "serde"
|
||||
version = "1.0.27"
|
||||
|
@ -672,6 +766,17 @@ dependencies = [
|
|||
"synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "serde_json"
|
||||
version = "0.9.10"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "serde_json"
|
||||
version = "1.0.9"
|
||||
|
@ -683,6 +788,17 @@ dependencies = [
|
|||
"serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "serde_urlencoded"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "shared-failure"
|
||||
version = "0.1.0"
|
||||
|
@ -706,6 +822,7 @@ dependencies = [
|
|||
"maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
|
@ -870,6 +987,14 @@ dependencies = [
|
|||
"tokio-io 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "toml"
|
||||
version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "toml"
|
||||
version = "0.4.5"
|
||||
|
@ -878,6 +1003,24 @@ dependencies = [
|
|||
"serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "traitobject"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "typeable"
|
||||
version = "0.1.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "unicase"
|
||||
version = "1.4.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "unicase"
|
||||
version = "2.1.0"
|
||||
|
@ -886,6 +1029,19 @@ dependencies = [
|
|||
"version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "unicode-bidi"
|
||||
version = "0.3.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "unicode-normalization"
|
||||
version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "unicode-xid"
|
||||
version = "0.0.4"
|
||||
|
@ -899,6 +1055,16 @@ dependencies = [
|
|||
"void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "url"
|
||||
version = "1.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
dependencies = [
|
||||
"idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "vcpkg"
|
||||
version = "0.2.2"
|
||||
|
@ -953,9 +1119,11 @@ dependencies = [
|
|||
]
|
||||
|
||||
[metadata]
|
||||
"checksum antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "34fde25430d87a9388dadbe6e34d7f72a462c8b43ac8d309b42b0a8505d7e2a5"
|
||||
"checksum arrayvec 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e964f9e24d588183fcb43503abda40d288c8657dfc27311516ce2f05675aef"
|
||||
"checksum backtrace 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "ebbbf59b1c43eefa8c3ede390fcc36820b4999f7914104015be25025e0d62af2"
|
||||
"checksum backtrace-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "44585761d6161b0f57afc49482ab6bd067e4edef48c12a152c237eb0203f7661"
|
||||
"checksum base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "96434f987501f0ed4eb336a411e0631ecd1afa11574fe148587adc4ff96143c9"
|
||||
"checksum base64 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "229d032f1a99302697f10b27167ae6d03d49d032e6a8e2550e8d3fc13356d2b4"
|
||||
"checksum bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5"
|
||||
"checksum bitflags 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b3c30d3802dfb7281680d6285f2ccdaa8c2d8fee41f93805dba5c4cf50dc23cf"
|
||||
|
@ -979,8 +1147,11 @@ dependencies = [
|
|||
"checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4"
|
||||
"checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb"
|
||||
"checksum httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2f407128745b78abc95c0ffbe4e5d37427fdc0d45470710cfef8c44522a2e37"
|
||||
"checksum hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)" = "368cb56b2740ebf4230520e2b90ebb0461e69034d85d1945febd9b3971426db2"
|
||||
"checksum hyper 0.11.18 (registry+https://github.com/rust-lang/crates.io-index)" = "c4f9b276c87e3fc1902a8bdfcce264c3f7c8a1c35e5e0c946062739f55026664"
|
||||
"checksum hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "72332e4a35d3059583623b50e98e491b78f8b96c5521fcb3f428167955aa56e8"
|
||||
"checksum hyper-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9c81fa95203e2a6087242c38691a0210f23e9f3f8f944350bd676522132e2985"
|
||||
"checksum idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d"
|
||||
"checksum indexmap 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7164c96d6e18ccc3ce43f3dedac996c21a220670a106c275b96ad92110401362"
|
||||
"checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08"
|
||||
"checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c"
|
||||
|
@ -995,9 +1166,11 @@ dependencies = [
|
|||
"checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
|
||||
"checksum log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "89f010e843f2b1a31dbd316b3b8d443758bc634bed37aabade59c686d644e0a2"
|
||||
"checksum lru-cache 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4d06ff7ff06f729ce5f4e227876cb88d10bc59cd4ae1e09fbb2bde15c850dc21"
|
||||
"checksum matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376"
|
||||
"checksum maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c0023c814f4a545946ab612ad64a4edce8126d4fe4f0abc5f319b80877112048"
|
||||
"checksum maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d0fb85bccffc42302ad1e1ed8679f6a39d1317f775a37fbc3f79bdfbe054bfb7"
|
||||
"checksum maud_macros 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d8377d77c1995044b8ad67a59d15b434c8b7de470ac743de4916ee2bd9fce55"
|
||||
"checksum mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0"
|
||||
"checksum mime 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "e2e00e17be181010a91dbfefb01660b17311059dc8c7f48b9017677721e732bd"
|
||||
"checksum mio 0.6.13 (registry+https://github.com/rust-lang/crates.io-index)" = "7da01a5e23070d92d99b1ecd1cd0af36447c6fd44b0fe283c2db199fa136724f"
|
||||
"checksum miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919"
|
||||
|
@ -1022,8 +1195,10 @@ dependencies = [
|
|||
"checksum relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)" = "e614f96449605730b4f7ad2c019e88c1652d730634b4eba07b810801856635e3"
|
||||
"checksum relay 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1576e382688d7e9deecea24417e350d3062d97e32e45d70b1cde65994ff1489a"
|
||||
"checksum remove_dir_all 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b5d2f806b0fcdabd98acd380dc8daef485e22bcb7cddc811d1337967f2528cf5"
|
||||
"checksum reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3bef9ed8fdfcc30947d6b774938dc0c3f369a474efe440df2c7f278180b2d2e6"
|
||||
"checksum route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "cf3255338088df8146ba63d60a9b8e3556f1146ce2973bc05a75181a42ce2256"
|
||||
"checksum rustc-demangle 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "aee45432acc62f7b9a108cc054142dac51f979e69e71ddce7d6fc7adf29e817e"
|
||||
"checksum rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9fb074a338f1f966f5d86eaef9aa85b544207ed138986e60a33e08202c5c4492"
|
||||
"checksum rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "24f3d32ca1619041480bd0b4756963762369f1d3f2fcc212c4877042f867b4ca"
|
||||
"checksum safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e27a8b19b835f7aea908818e871f5cc3a5a186550c30773be987e155e8163d8f"
|
||||
"checksum sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "90f8cf6e645aa843ffffcbdc1e8752b1f221dfa314c81895aeb229a77aea7e05"
|
||||
|
@ -1034,10 +1209,13 @@ dependencies = [
|
|||
"checksum security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "5421621e836278a0b139268f36eee0dc7e389b784dc3f79d8f11aabadf41bead"
|
||||
"checksum semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
|
||||
"checksum semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
|
||||
"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af"
|
||||
"checksum serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "db99f3919e20faa51bb2996057f5031d8685019b5a06139b1ce761da671b8526"
|
||||
"checksum serde_derive 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "f4ba7591cfe93755e89eeecdbcc668885624829b020050e6aec99c2a03bd3fd0"
|
||||
"checksum serde_derive_internals 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6e03f1c9530c3fb0a0a5c9b826bdd9246a5921ae995d75f512ac917fc4dd55b5"
|
||||
"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1"
|
||||
"checksum serde_json 1.0.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c9db7266c7d63a4c4b7fe8719656ccdd51acf1bed6124b174f933b009fb10bcb"
|
||||
"checksum serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "68f06ece1408d3221d11a9da11953ad0c94daa48cfa42026471306f895b91bc8"
|
||||
"checksum slab 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "17b4fcaed89ab08ef143da37bc52adbcc04d4a69014f4c1208d6b51f0c47bc23"
|
||||
"checksum slab 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fdeff4cd9ecff59ec7e3744cbca73dfe5ac35c2aedb2cfba8a1c715a18912e9d"
|
||||
"checksum slog 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0a6b13b17f4225771f7f15cece704a4e68d3a5f31278ed26367f497133398a18"
|
||||
|
@ -1055,10 +1233,17 @@ dependencies = [
|
|||
"checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389"
|
||||
"checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162"
|
||||
"checksum tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "772f4b04e560117fe3b0a53e490c16ddc8ba6ec437015d91fa385564996ed913"
|
||||
"checksum toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bd86ad9ebee246fdedd610e0f6d0587b754a3d81438db930a244d0480ed7878f"
|
||||
"checksum toml 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "a7540f4ffc193e0d3c94121edb19b055670d369f77d5804db11ae053a45b6e7e"
|
||||
"checksum traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "efd1f82c56340fdf16f2a953d7bda4f8fdffba13d93b00844c25572110b26079"
|
||||
"checksum typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1410f6f91f21d1612654e7cc69193b0334f909dcf2c790c4826254fbb86f8887"
|
||||
"checksum unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33"
|
||||
"checksum unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "284b6d3db520d67fbe88fd778c21510d1b0ba4a551e5d0fbb023d33405f6de8a"
|
||||
"checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"
|
||||
"checksum unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "51ccda9ef9efa3f7ef5d91e8f9b83bbe6955f9bf86aec89d5cce2c874625920f"
|
||||
"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc"
|
||||
"checksum unreachable 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1f2ae5ddb18e1c92664717616dd9549dde73f539f01bd7b77c2edb2446bdff91"
|
||||
"checksum url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fa35e768d4daf1d85733418a49fb42e10d7f633e394fccab4ab7aba897053fe2"
|
||||
"checksum vcpkg 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9e0a7d8bed3178a8fb112199d466eeca9ed09a14ba8ad67718179b4fd5487d0b"
|
||||
"checksum version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6b772017e347561807c1aa192438c5fd74242a670a6cffacc40f2defd1dc069d"
|
||||
"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
|
||||
|
|
|
@ -15,6 +15,7 @@ lru-cache = "0.1.1"
|
|||
maud = "0.17.2"
|
||||
relative-path = { version = "0.3.7", features = ["serde"] }
|
||||
route-recognizer = "0.1.12"
|
||||
rustsec = "0.6.0"
|
||||
semver = { version = "0.9.0", features = ["serde"] }
|
||||
serde = "1.0.27"
|
||||
serde_derive = "1.0.27"
|
||||
|
|
|
@ -12,8 +12,9 @@ pub struct AnalyzeDependenciesFuture {
|
|||
}
|
||||
|
||||
impl AnalyzeDependenciesFuture {
|
||||
pub fn new(engine: &Engine, deps: CrateDeps) -> Self {
|
||||
let analyzer = DependencyAnalyzer::new(&deps);
|
||||
pub fn new(engine: Engine, deps: CrateDeps) -> Self {
|
||||
let future = engine.fetch_advisory_db().and_then(move |advisory_db| {
|
||||
let analyzer = DependencyAnalyzer::new(&deps, advisory_db);
|
||||
|
||||
let main_deps = deps.main.into_iter().filter_map(|(name, dep)| {
|
||||
if dep.is_external() { Some(name) } else { None }
|
||||
|
@ -27,12 +28,13 @@ impl AnalyzeDependenciesFuture {
|
|||
|
||||
let release_futures = engine.fetch_releases(main_deps.chain(dev_deps).chain(build_deps));
|
||||
|
||||
let analyzed_deps_future = futures_unordered(release_futures)
|
||||
futures_unordered(release_futures)
|
||||
.fold(analyzer, |mut analyzer, releases| { analyzer.process(releases); Ok(analyzer) as Result<_, Error> })
|
||||
.map(|analyzer| analyzer.finalize());
|
||||
.map(|analyzer| analyzer.finalize())
|
||||
});
|
||||
|
||||
AnalyzeDependenciesFuture {
|
||||
inner: Box::new(analyzed_deps_future)
|
||||
inner: Box::new(future)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,19 +1,24 @@
|
|||
use std::sync::Arc;
|
||||
|
||||
use rustsec::db::AdvisoryDatabase;
|
||||
use semver::Version;
|
||||
|
||||
use ::models::crates::{CrateDeps, CrateRelease, AnalyzedDependency, AnalyzedDependencies};
|
||||
use ::models::crates::{CrateDeps, CrateRelease, CrateName, AnalyzedDependency, AnalyzedDependencies};
|
||||
|
||||
pub struct DependencyAnalyzer {
|
||||
deps: AnalyzedDependencies
|
||||
deps: AnalyzedDependencies,
|
||||
advisory_db: Arc<AdvisoryDatabase>
|
||||
}
|
||||
|
||||
impl DependencyAnalyzer {
|
||||
pub fn new(deps: &CrateDeps) -> DependencyAnalyzer {
|
||||
pub fn new(deps: &CrateDeps, advisory_db: Arc<AdvisoryDatabase>) -> DependencyAnalyzer {
|
||||
DependencyAnalyzer {
|
||||
deps: AnalyzedDependencies::new(deps)
|
||||
deps: AnalyzedDependencies::new(deps),
|
||||
advisory_db
|
||||
}
|
||||
}
|
||||
|
||||
fn process_single(dep: &mut AnalyzedDependency, ver: &Version) {
|
||||
fn process_single(name: &CrateName, dep: &mut AnalyzedDependency, ver: &Version, advisory_db: &AdvisoryDatabase) {
|
||||
if dep.required.matches(&ver) {
|
||||
if let Some(ref mut current_latest_that_matches) = dep.latest_that_matches {
|
||||
if *current_latest_that_matches < *ver {
|
||||
|
@ -22,6 +27,10 @@ impl DependencyAnalyzer {
|
|||
} else {
|
||||
dep.latest_that_matches = Some(ver.clone());
|
||||
}
|
||||
|
||||
if !advisory_db.find_vulns_for_crate(name.as_ref(), ver).is_empty() {
|
||||
dep.insecure = true;
|
||||
}
|
||||
}
|
||||
if !ver.is_prerelease() {
|
||||
if let Some(ref mut current_latest) = dep.latest {
|
||||
|
@ -37,13 +46,13 @@ impl DependencyAnalyzer {
|
|||
pub fn process<I: IntoIterator<Item=CrateRelease>>(&mut self, releases: I) {
|
||||
for release in releases.into_iter().filter(|r| !r.yanked) {
|
||||
if let Some(main_dep) = self.deps.main.get_mut(&release.name) {
|
||||
DependencyAnalyzer::process_single(main_dep, &release.version)
|
||||
DependencyAnalyzer::process_single(&release.name, main_dep, &release.version, &self.advisory_db)
|
||||
}
|
||||
if let Some(dev_dep) = self.deps.dev.get_mut(&release.name) {
|
||||
DependencyAnalyzer::process_single(dev_dep, &release.version)
|
||||
DependencyAnalyzer::process_single(&release.name, dev_dep, &release.version, &self.advisory_db)
|
||||
}
|
||||
if let Some(build_dep) = self.deps.build.get_mut(&release.name) {
|
||||
DependencyAnalyzer::process_single(build_dep, &release.version)
|
||||
DependencyAnalyzer::process_single(&release.name, build_dep, &release.version, &self.advisory_db)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ use hyper::Client;
|
|||
use hyper::client::HttpConnector;
|
||||
use hyper_tls::HttpsConnector;
|
||||
use relative_path::{RelativePath, RelativePathBuf};
|
||||
use rustsec::db::AdvisoryDatabase;
|
||||
use semver::VersionReq;
|
||||
use slog::Logger;
|
||||
use tokio_service::Service;
|
||||
|
@ -25,7 +26,8 @@ use ::models::crates::{CrateName, CratePath, CrateRelease, AnalyzedDependencies}
|
|||
|
||||
use ::interactors::crates::{QueryCrate, GetPopularCrates};
|
||||
use ::interactors::RetrieveFileAtPath;
|
||||
use ::interactors::github::{GetPopularRepos};
|
||||
use ::interactors::github::GetPopularRepos;
|
||||
use ::interactors::rustsec::FetchAdvisoryDatabase;
|
||||
|
||||
use self::futures::AnalyzeDependenciesFuture;
|
||||
use self::futures::CrawlManifestFuture;
|
||||
|
@ -41,7 +43,8 @@ pub struct Engine {
|
|||
query_crate: Arc<Cache<QueryCrate<HttpClient>>>,
|
||||
get_popular_crates: Arc<Cache<GetPopularCrates<HttpClient>>>,
|
||||
get_popular_repos: Arc<Cache<GetPopularRepos<HttpClient>>>,
|
||||
retrieve_file_at_path: Arc<RetrieveFileAtPath<HttpClient>>
|
||||
retrieve_file_at_path: Arc<RetrieveFileAtPath<HttpClient>>,
|
||||
fetch_advisory_db: Arc<Cache<FetchAdvisoryDatabase<HttpClient>>>
|
||||
}
|
||||
|
||||
impl Engine {
|
||||
|
@ -51,6 +54,7 @@ impl Engine {
|
|||
let query_crate = Cache::new(QueryCrate(client.clone()), Duration::from_secs(300), 500);
|
||||
let get_popular_crates = Cache::new(GetPopularCrates(client.clone()), Duration::from_secs(10), 1);
|
||||
let get_popular_repos = Cache::new(GetPopularRepos(client.clone()), Duration::from_secs(10), 1);
|
||||
let fetch_advisory_db = Cache::new(FetchAdvisoryDatabase(client.clone()), Duration::from_secs(300), 1);
|
||||
|
||||
Engine {
|
||||
client: client.clone(), logger, metrics,
|
||||
|
@ -58,7 +62,8 @@ impl Engine {
|
|||
query_crate: Arc::new(query_crate),
|
||||
get_popular_crates: Arc::new(get_popular_crates),
|
||||
get_popular_repos: Arc::new(get_popular_repos),
|
||||
retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client))
|
||||
retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client)),
|
||||
fetch_advisory_db: Arc::new(fetch_advisory_db)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -77,6 +82,10 @@ impl AnalyzeDependenciesOutcome {
|
|||
self.crates.iter().any(|&(_, ref deps)| deps.any_outdated())
|
||||
}
|
||||
|
||||
pub fn any_insecure(&self) -> bool {
|
||||
self.crates.iter().any(|&(_, ref deps)| deps.count_insecure() > 0)
|
||||
}
|
||||
|
||||
pub fn outdated_ratio(&self) -> (usize, usize) {
|
||||
self.crates.iter().fold((0, 0), |(outdated, total), &(_, ref deps)| {
|
||||
(outdated + deps.count_outdated(), total + deps.count_total())
|
||||
|
@ -115,7 +124,7 @@ impl Engine {
|
|||
manifest_future.and_then(move |manifest_output| {
|
||||
let engine_for_analyze = engine.clone();
|
||||
let futures = manifest_output.crates.into_iter().map(move |(crate_name, deps)| {
|
||||
let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine_for_analyze, deps);
|
||||
let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine_for_analyze.clone(), deps);
|
||||
|
||||
analyzed_deps_future.map(move |analyzed_deps| (crate_name, analyzed_deps))
|
||||
});
|
||||
|
@ -147,7 +156,7 @@ impl Engine {
|
|||
match query_response.releases.iter().find(|release| release.version == crate_path.version) {
|
||||
None => future::Either::A(future::err(format_err!("could not find crate release with version {}", crate_path.version))),
|
||||
Some(release) => {
|
||||
let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine, release.deps.clone());
|
||||
let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine.clone(), release.deps.clone());
|
||||
|
||||
future::Either::B(analyzed_deps_future.map(move |analyzed_deps| {
|
||||
let crates = vec![(crate_path.name, analyzed_deps)].into_iter().collect();
|
||||
|
@ -190,6 +199,12 @@ impl Engine {
|
|||
let manifest_path = path.join(RelativePath::new("Cargo.toml"));
|
||||
self.retrieve_file_at_path.call((repo_path.clone(), manifest_path))
|
||||
}
|
||||
|
||||
fn fetch_advisory_db(&self) ->
|
||||
impl Future<Item=Arc<AdvisoryDatabase>, Error=Error>
|
||||
{
|
||||
self.fetch_advisory_db.call(()).from_err().map(|db| db.clone())
|
||||
}
|
||||
}
|
||||
|
||||
lazy_static! {
|
||||
|
|
|
@ -10,7 +10,7 @@ pub mod bitbucket;
|
|||
pub mod crates;
|
||||
pub mod github;
|
||||
pub mod gitlab;
|
||||
|
||||
pub mod rustsec;
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct RetrieveFileAtPath<S>(pub S);
|
||||
|
|
44
src/interactors/rustsec.rs
Normal file
44
src/interactors/rustsec.rs
Normal file
|
@ -0,0 +1,44 @@
|
|||
use std::str;
|
||||
use std::sync::Arc;
|
||||
|
||||
use failure::Error;
|
||||
use futures::{Future, IntoFuture, Stream, future};
|
||||
use hyper::{Error as HyperError, Method, Request, Response};
|
||||
use rustsec::ADVISORY_DB_URL;
|
||||
use rustsec::db::AdvisoryDatabase;
|
||||
use tokio_service::Service;
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct FetchAdvisoryDatabase<S>(pub S);
|
||||
|
||||
impl<S> Service for FetchAdvisoryDatabase<S>
|
||||
where S: Service<Request=Request, Response=Response, Error=HyperError> + Clone + 'static,
|
||||
S::Future: 'static
|
||||
{
|
||||
type Request = ();
|
||||
type Response = Arc<AdvisoryDatabase>;
|
||||
type Error = Error;
|
||||
type Future = Box<Future<Item=Self::Response, Error=Self::Error>>;
|
||||
|
||||
fn call(&self, _req: ()) -> Self::Future {
|
||||
let service = self.0.clone();
|
||||
|
||||
let uri_future = ADVISORY_DB_URL.parse().into_future().from_err();
|
||||
|
||||
Box::new(uri_future.and_then(move |uri| {
|
||||
let request = Request::new(Method::Get, uri);
|
||||
|
||||
service.call(request).from_err().and_then(|response| {
|
||||
let status = response.status();
|
||||
if !status.is_success() {
|
||||
future::Either::A(future::err(format_err!("Status code {} when fetching advisory db", status)))
|
||||
} else {
|
||||
let body_future = response.body().concat2().from_err();
|
||||
let decode_future = body_future
|
||||
.and_then(|body| Ok(Arc::new(AdvisoryDatabase::from_toml(str::from_utf8(&body)?)?)));
|
||||
future::Either::B(decode_future)
|
||||
}
|
||||
})
|
||||
}))
|
||||
}
|
||||
}
|
|
@ -15,6 +15,7 @@ extern crate lru_cache;
|
|||
extern crate maud;
|
||||
extern crate relative_path;
|
||||
extern crate route_recognizer;
|
||||
extern crate rustsec;
|
||||
extern crate semver;
|
||||
#[macro_use] extern crate serde_derive;
|
||||
extern crate serde;
|
||||
|
|
|
@ -93,7 +93,8 @@ pub struct CrateDeps {
|
|||
pub struct AnalyzedDependency {
|
||||
pub required: VersionReq,
|
||||
pub latest_that_matches: Option<Version>,
|
||||
pub latest: Option<Version>
|
||||
pub latest: Option<Version>,
|
||||
pub insecure: bool
|
||||
}
|
||||
|
||||
impl AnalyzedDependency {
|
||||
|
@ -101,7 +102,8 @@ impl AnalyzedDependency {
|
|||
AnalyzedDependency {
|
||||
required,
|
||||
latest_that_matches: None,
|
||||
latest: None
|
||||
latest: None,
|
||||
insecure: false
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -160,6 +162,19 @@ impl AnalyzedDependencies {
|
|||
main_outdated + dev_outdated + build_outdated
|
||||
}
|
||||
|
||||
pub fn count_insecure(&self) -> usize {
|
||||
let main_insecure = self.main.iter()
|
||||
.filter(|&(_, dep)| dep.insecure)
|
||||
.count();
|
||||
let dev_insecure = self.dev.iter()
|
||||
.filter(|&(_, dep)| dep.insecure)
|
||||
.count();
|
||||
let build_insecure = self.build.iter()
|
||||
.filter(|&(_, dep)| dep.insecure)
|
||||
.count();
|
||||
main_insecure + dev_insecure + build_insecure
|
||||
}
|
||||
|
||||
pub fn any_outdated(&self) -> bool {
|
||||
let main_any_outdated = self.main.iter()
|
||||
.any(|(_, dep)| dep.is_outdated());
|
||||
|
|
|
@ -7,6 +7,13 @@ use ::engine::AnalyzeDependenciesOutcome;
|
|||
pub fn badge(analysis_outcome: Option<&AnalyzeDependenciesOutcome>) -> Badge {
|
||||
let opts = match analysis_outcome {
|
||||
Some(outcome) => {
|
||||
if outcome.any_insecure() {
|
||||
BadgeOptions {
|
||||
subject: "dependencies".into(),
|
||||
status: "insecure".into(),
|
||||
color: "#e05d44".into()
|
||||
}
|
||||
} else {
|
||||
let (outdated, total) = outcome.outdated_ratio();
|
||||
|
||||
if outdated > 0 {
|
||||
|
@ -28,6 +35,7 @@ pub fn badge(analysis_outcome: Option<&AnalyzeDependenciesOutcome>) -> Badge {
|
|||
color: "#4c1".into()
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
None => {
|
||||
BadgeOptions {
|
||||
|
|
|
@ -36,12 +36,15 @@ fn dependency_tables(crate_name: CrateName, deps: AnalyzedDependencies) -> Marku
|
|||
|
||||
fn dependency_table(title: &str, deps: IndexMap<CrateName, AnalyzedDependency>) -> Markup {
|
||||
let count_total = deps.len();
|
||||
let count_insecure = deps.iter().filter(|&(_, dep)| dep.insecure).count();
|
||||
let count_outdated = deps.iter().filter(|&(_, dep)| dep.is_outdated()).count();
|
||||
|
||||
html! {
|
||||
h3 class="title is-4" (title)
|
||||
p class="subtitle is-5" {
|
||||
@if count_outdated > 0 {
|
||||
@if count_insecure > 0 {
|
||||
(format!(" ({} total, {} insecure)", count_total, count_insecure))
|
||||
} @else if count_outdated > 0 {
|
||||
(format!(" ({} total, {} up-to-date, {} outdated)", count_total, count_total - count_outdated, count_outdated))
|
||||
} @else {
|
||||
(format!(" ({} total, all up-to-date)", count_total))
|
||||
|
@ -72,7 +75,9 @@ fn dependency_table(title: &str, deps: IndexMap<CrateName, AnalyzedDependency>)
|
|||
}
|
||||
}
|
||||
td class="has-text-right" {
|
||||
@if dep.is_outdated() {
|
||||
@if dep.insecure {
|
||||
span class="tag is-danger" "insecure"
|
||||
} @else if dep.is_outdated() {
|
||||
span class="tag is-warning" "out of date"
|
||||
} @else {
|
||||
span class="tag is-success" "up to date"
|
||||
|
@ -150,7 +155,9 @@ fn render_success(analysis_outcome: AnalyzeDependenciesOutcome, subject_path: Su
|
|||
|
||||
let status_data_uri = badge::badge(Some(&analysis_outcome)).to_svg_data_uri();
|
||||
|
||||
let hero_class = if analysis_outcome.any_outdated() {
|
||||
let hero_class = if analysis_outcome.any_insecure() {
|
||||
"is-danger"
|
||||
} else if analysis_outcome.any_outdated() {
|
||||
"is-warning"
|
||||
} else {
|
||||
"is-success"
|
||||
|
|
Loading…
Reference in a new issue