diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..baef007 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,55 @@ +name: Tests & Build +on: [push, pull_request] + +jobs: + test: + name: cargo test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - run: sudo apt-get update && sudo apt-get install -y libudev-dev + - run: cargo test + working-directory: bestool + audit: + name: cargo audits + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + with: + components: clippy,rustfmt + - run: sudo apt-get update && sudo apt-get install -y libudev-dev + - run: cargo install cargo-audit + working-directory: bestool + - run: cargo clippy -- -D warnings --no-deps + working-directory: bestool + # Ignoring mach being unmaintained for now as limited options + its only for MacOS + - run: cargo audit -D unsound -D yanked -D unmaintained --ignore "RUSTSEC-2020-0168" + working-directory: bestool + - run: cargo install --locked cargo-vet + working-directory: bestool + - run: cargo vet --locked + working-directory: bestool + vet: + name: cargo vet + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + with: + components: clippy,rustfmt + - run: sudo apt-get update && sudo apt-get install -y libudev-dev + - run: cargo install --locked cargo-vet + working-directory: bestool + - run: cargo vet --locked + working-directory: bestool + build: + name: cargo build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - run: sudo apt-get update && sudo apt-get install -y libudev-dev + - run: cargo build + working-directory: bestool \ No newline at end of file diff --git a/bestool/Cargo.toml b/bestool/Cargo.toml index 8726fd5..380c073 100644 --- a/bestool/Cargo.toml +++ b/bestool/Cargo.toml @@ -6,9 +6,9 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -serialport = "4.2.0" -clap = { version = "4.0", features = ["derive"] } -thiserror = "1.0.37" -tracing = "0.1" -tracing-subscriber = "0.3" -crc = "3.0.0" +serialport = "4.2.2" +clap = { version = "4.4.8", features = ["derive"] } +thiserror = "1.0.50" +tracing = "0.1.40" +tracing-subscriber = "0.3.18" +crc = "3.0.1" diff --git a/bestool/supply-chain/audits.toml b/bestool/supply-chain/audits.toml new file mode 100644 index 0000000..3788ad0 --- /dev/null +++ b/bestool/supply-chain/audits.toml @@ -0,0 +1,217 @@ + +# cargo-vet audits file + +[[audits.pkg-config]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.27" + +[[trusted.aho-corasick]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-03-28" +end = "2024-11-26" + +[[trusted.anstream]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-03-16" +end = "2024-11-26" + +[[trusted.anstyle]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-05-18" +end = "2024-11-26" + +[[trusted.anstyle-parse]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-03-08" +end = "2024-11-26" + +[[trusted.anstyle-query]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-04-13" +end = "2024-11-26" + +[[trusted.anstyle-wincon]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-03-08" +end = "2024-11-26" + +[[trusted.clap]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2021-12-08" +end = "2024-11-26" + +[[trusted.clap_builder]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-03-28" +end = "2024-11-26" + +[[trusted.clap_derive]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2021-12-08" +end = "2024-11-26" + +[[trusted.clap_lex]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-04-15" +end = "2024-11-26" + +[[trusted.colorchoice]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-04-13" +end = "2024-11-26" + +[[trusted.libc]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2021-01-27" +end = "2024-11-26" + +[[trusted.memchr]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-07-07" +end = "2024-11-26" + +[[trusted.proc-macro2]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-04-23" +end = "2024-11-26" + +[[trusted.quote]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-04-09" +end = "2024-11-26" + +[[trusted.regex]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-02-27" +end = "2024-11-26" + +[[trusted.regex-automata]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-02-25" +end = "2024-11-26" + +[[trusted.regex-syntax]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-03-30" +end = "2024-11-26" + +[[trusted.scopeguard]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2020-02-16" +end = "2024-11-26" + +[[trusted.smallvec]] +criteria = "safe-to-deploy" +user-id = 2017 # Matt Brubeck (mbrubeck) +start = "2019-10-28" +end = "2024-11-26" + +[[trusted.syn]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-01" +end = "2024-11-26" + +[[trusted.thiserror]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-10-09" +end = "2024-11-26" + +[[trusted.thiserror-impl]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-10-09" +end = "2024-11-26" + +[[trusted.thread_local]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-09-07" +end = "2024-11-26" + +[[trusted.unicode-ident]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2021-10-02" +end = "2024-11-26" + +[[trusted.valuable]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2022-01-03" +end = "2024-11-26" + +[[trusted.windows-sys]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-11-15" +end = "2024-11-26" + +[[trusted.windows-targets]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-09" +end = "2024-11-26" + +[[trusted.windows_aarch64_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-01" +end = "2024-11-26" + +[[trusted.windows_aarch64_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-11-05" +end = "2024-11-26" + +[[trusted.windows_i686_gnu]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-28" +end = "2024-11-26" + +[[trusted.windows_i686_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-27" +end = "2024-11-26" + +[[trusted.windows_x86_64_gnu]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-28" +end = "2024-11-26" + +[[trusted.windows_x86_64_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-01" +end = "2024-11-26" + +[[trusted.windows_x86_64_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-27" +end = "2024-11-26" diff --git a/bestool/supply-chain/config.toml b/bestool/supply-chain/config.toml new file mode 100644 index 0000000..1709067 --- /dev/null +++ b/bestool/supply-chain/config.toml @@ -0,0 +1,107 @@ + +# cargo-vet config file + +[cargo-vet] +version = "0.8" + +[imports.bytecode-alliance] +url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" + +[imports.fermyon] +url = "https://raw.githubusercontent.com/fermyon/spin/main/supply-chain/audits.toml" + +[imports.google] +url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml" + +[imports.isrg] +url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml" + +[imports.mozilla] +url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" + +[imports.zcash] +url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" + +[[exemptions.CoreFoundation-sys]] +version = "0.1.4" +criteria = "safe-to-deploy" + +[[exemptions.IOKit-sys]] +version = "0.1.5" +criteria = "safe-to-deploy" + +[[exemptions.bitflags]] +version = "1.3.2" +criteria = "safe-to-deploy" + +[[exemptions.crc]] +version = "3.0.1" +criteria = "safe-to-deploy" + +[[exemptions.crc-catalog]] +version = "2.4.0" +criteria = "safe-to-deploy" + +[[exemptions.libudev]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.libudev-sys]] +version = "0.1.4" +criteria = "safe-to-deploy" + +[[exemptions.mach]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.nix]] +version = "0.26.4" +criteria = "safe-to-deploy" + +[[exemptions.once_cell]] +version = "1.18.0" +criteria = "safe-to-deploy" + +[[exemptions.serialport]] +version = "4.2.2" +criteria = "safe-to-deploy" + +[[exemptions.sharded-slab]] +version = "0.1.7" +criteria = "safe-to-deploy" + +[[exemptions.strsim]] +version = "0.10.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing]] +version = "0.1.40" +criteria = "safe-to-deploy" + +[[exemptions.tracing-attributes]] +version = "0.1.27" +criteria = "safe-to-deploy" + +[[exemptions.tracing-core]] +version = "0.1.32" +criteria = "safe-to-deploy" + +[[exemptions.tracing-log]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing-subscriber]] +version = "0.3.18" +criteria = "safe-to-deploy" + +[[exemptions.winapi]] +version = "0.3.9" +criteria = "safe-to-deploy" + +[[exemptions.winapi-i686-pc-windows-gnu]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.winapi-x86_64-pc-windows-gnu]] +version = "0.4.0" +criteria = "safe-to-deploy" diff --git a/bestool/supply-chain/imports.lock b/bestool/supply-chain/imports.lock new file mode 100644 index 0000000..4c329ff --- /dev/null +++ b/bestool/supply-chain/imports.lock @@ -0,0 +1,379 @@ + +# cargo-vet imports lock + +[[publisher.aho-corasick]] +version = "1.1.2" +when = "2023-10-09" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.anstream]] +version = "0.6.4" +when = "2023-09-29" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.anstyle]] +version = "1.0.4" +when = "2023-09-28" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.anstyle-parse]] +version = "0.2.2" +when = "2023-09-28" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.anstyle-query]] +version = "1.0.0" +when = "2023-04-13" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.anstyle-wincon]] +version = "3.0.1" +when = "2023-09-29" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap]] +version = "4.4.8" +when = "2023-11-10" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap_builder]] +version = "4.4.8" +when = "2023-11-10" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap_derive]] +version = "4.4.7" +when = "2023-10-24" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap_lex]] +version = "0.6.0" +when = "2023-10-24" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.colorchoice]] +version = "1.0.0" +when = "2023-04-13" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.libc]] +version = "0.2.146" +when = "2023-06-06" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.memchr]] +version = "2.6.4" +when = "2023-10-01" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.proc-macro2]] +version = "1.0.69" +when = "2023-10-09" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.quote]] +version = "1.0.33" +when = "2023-08-17" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.regex]] +version = "1.10.2" +when = "2023-10-16" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.regex-automata]] +version = "0.4.3" +when = "2023-10-16" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.regex-syntax]] +version = "0.8.2" +when = "2023-10-14" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.scopeguard]] +version = "1.2.0" +when = "2023-07-17" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.smallvec]] +version = "1.11.2" +when = "2023-11-09" +user-id = 2017 +user-login = "mbrubeck" +user-name = "Matt Brubeck" + +[[publisher.syn]] +version = "2.0.39" +when = "2023-11-06" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.thiserror]] +version = "1.0.50" +when = "2023-10-19" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.thiserror-impl]] +version = "1.0.50" +when = "2023-10-19" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.thread_local]] +version = "1.1.7" +when = "2023-02-12" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.unicode-ident]] +version = "1.0.12" +when = "2023-09-13" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.valuable]] +version = "0.1.0" +when = "2022-01-03" +user-id = 10 +user-login = "carllerche" +user-name = "Carl Lerche" + +[[publisher.windows-sys]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-targets]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_gnullvm]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_msvc]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnu]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_msvc]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_gnu]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_gnullvm]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_msvc]] +version = "0.48.5" +when = "2023-08-18" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[audits.bytecode-alliance.audits.cfg-if]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "I am the author of this crate." + +[[audits.bytecode-alliance.audits.heck]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.4.0" +notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." + +[[audits.bytecode-alliance.audits.libc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.146 -> 0.2.147" +notes = "Only new type definitions and updating others for some platforms, no major changes" + +[[audits.bytecode-alliance.audits.libc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.148 -> 0.2.149" +notes = "Lots of new functions and constants for new platforms and nothing out of the ordinary for what one would expect of the `libc` crate." + +[[audits.bytecode-alliance.audits.nu-ansi-term]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.46.0" +notes = "one use of unsafe to call windows specific api to get console handle." + +[[audits.bytecode-alliance.audits.overload]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.1" +notes = "small crate, only defines macro-rules!, nicely documented as well" + +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.25" +notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." + +[audits.fermyon.audits] + +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.2.9" +notes = "Reviewed on https://fxrev.dev/824504" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.utf8parse]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.2.1" +notes = "Reviewed on https://fxrev.dev/904811" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.isrg.audits.libc]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.149 -> 0.2.150" + +[[audits.mozilla.audits.bitflags]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "1.3.2 -> 2.0.2" +notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.heck]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.4.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.lazy_static]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = "I have read over the macros, and audited the unsafe code." +aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.libc]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.2.147 -> 0.2.148" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +version = "0.4.17" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.4.17 -> 0.4.18" +notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.mach2]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +version = "0.4.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.pkg-config]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.25 -> 0.3.26" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.zcash.audits.log]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.18 -> 0.4.19" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.log]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.19 -> 0.4.20" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.pin-project-lite]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.13" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"