From 11fc03148ea9bf1036d7aa6a5c24daf129fe5c43 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:19:19 +0100 Subject: [PATCH 01/26] Add `cargo-metadata` as a dependency Signed-off-by: Sergey "Shnatsel" Davidoff --- Cargo.lock | 24 ++++++++++++++++++++++++ cargo-cyclonedx/Cargo.toml | 1 + 2 files changed, 25 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 47b5f60f..56769a72 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -217,6 +217,15 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a3e368af43e418a04d52505cf3dbc23dda4e3407ae2fa99fd0e4f308ce546acc" +[[package]] +name = "camino" +version = "1.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c59e92b5a388f549b863a7bea62612c09f24c8393560709a54558a9abdfb3b9c" +dependencies = [ + "serde", +] + [[package]] name = "cargo" version = "0.73.0" @@ -293,6 +302,7 @@ dependencies = [ "assert_cmd", "assert_fs", "cargo", + "cargo_metadata", "clap", "cyclonedx-bom", "env_logger", @@ -337,6 +347,20 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "cargo_metadata" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d886547e41f740c616ae73108f6eb70afe6d940c7bc697cb30f13daec073037" +dependencies = [ + "camino", + "cargo-platform", + "semver", + "serde", + "serde_json", + "thiserror", +] + [[package]] name = "cc" version = "1.0.83" diff --git a/cargo-cyclonedx/Cargo.toml b/cargo-cyclonedx/Cargo.toml index 72126121..869be78d 100644 --- a/cargo-cyclonedx/Cargo.toml +++ b/cargo-cyclonedx/Cargo.toml @@ -23,6 +23,7 @@ lto = "thin" [dependencies] anyhow = "1.0.75" cargo = "0.73.0" +cargo_metadata = "0.18.1" clap = { version = "4.4.0", features = ["derive"] } cyclonedx-bom = { version = "0.4.1", path = "../cyclonedx-bom" } env_logger = "0.10.0" From 6a85dba19c6223ad853cd0a2438b10877a9ce9b4 Mon Sep 17 00:00:00 2001 
From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:20:28 +0100 Subject: [PATCH 02/26] Drop logging configuration for Cargo internals Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/main.rs | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/cargo-cyclonedx/src/main.rs b/cargo-cyclonedx/src/main.rs index 9e4dc1be..2fa99913 100644 --- a/cargo-cyclonedx/src/main.rs +++ b/cargo-cyclonedx/src/main.rs @@ -45,8 +45,6 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -use cargo::core::Workspace; -use cargo::Config; use cargo_cyclonedx::generator::SbomGenerator; use std::{ io::{self}, @@ -65,8 +63,7 @@ use cli::{Args, Opts}; fn main() -> anyhow::Result<()> { let Opts::Bom(args) = Opts::parse(); - let mut config = Config::default()?; - setup_logging(&args, &mut config)?; + setup_logging(&args)?; let manifest_path = locate_manifest(&args)?; let cli_config = args.as_config()?; @@ -86,7 +83,7 @@ fn main() -> anyhow::Result<()> { Ok(()) } -fn setup_logging(args: &Args, config: &mut Config) -> anyhow::Result<()> { +fn setup_logging(args: &Args) -> anyhow::Result<()> { let mut builder = Builder::new(); // default cargo internals to quiet unless overridden via an environment variable @@ -104,23 +101,9 @@ fn setup_logging(args: &Args, config: &mut Config) -> anyhow::Result<()> { } }; builder.filter_level(level_filter); - builder.parse_default_env(); // allow overriding CLI arguments builder.try_init()?; - // configure logging level of cargo to match what was passed via CLI - config.configure( - args.verbose as u32, - args.quiet, - None, - false, - false, - false, - &None, - &[], - &[], - )?; - Ok(()) } From 79a5c526bf2c9c635cef46cb85f7e57323c1b7d1 Mon Sep 17 00:00:00 2001 
From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:21:47 +0100 Subject: [PATCH 03/26] Drop #[deny] directives for warnings and lints. These should not be used in production - they will cause the build to fail on a newer compiler if new warnings or lints are added. The right way to do this is configure CI. Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/main.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/cargo-cyclonedx/src/main.rs b/cargo-cyclonedx/src/main.rs index 2fa99913..e2f3fe34 100644 --- a/cargo-cyclonedx/src/main.rs +++ b/cargo-cyclonedx/src/main.rs @@ -56,8 +56,6 @@ use clap::Parser; use env_logger::Builder; use log::LevelFilter; -#[deny(clippy::all)] -#[deny(warnings)] mod cli; use cli::{Args, Opts}; From 1c29f6744ef711b267edf9db0c7580a4b2aa67ae Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:36:51 +0100 Subject: [PATCH 04/26] Implement querying `cargo metadata` Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/main.rs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cargo-cyclonedx/src/main.rs b/cargo-cyclonedx/src/main.rs index e2f3fe34..1c73419a 100644 --- a/cargo-cyclonedx/src/main.rs +++ b/cargo-cyclonedx/src/main.rs @@ -51,6 +51,8 @@ use std::{ path::PathBuf, }; +use cargo_metadata::{self, Metadata}; + use anyhow::Result; use clap::Parser; use env_logger::Builder; @@ -63,10 +65,11 @@ fn main() -> anyhow::Result<()> { let Opts::Bom(args) = Opts::parse(); setup_logging(&args)?; - let manifest_path = locate_manifest(&args)?; let cli_config = args.as_config()?; - let ws = Workspace::new(&manifest_path, &config)?; + log::trace!("Running `cargo metadata` started"); + let metadata = get_metadata(&args)?; + log::trace!("Running `cargo metadata` finished"); log::trace!("SBOM generation started"); let boms = SbomGenerator::create_sboms(ws, &cli_config)?; 
@@ -122,3 +125,12 @@ fn locate_manifest(args: &Args) -> Result { Ok(manifest_path) } } + +fn get_metadata(args: &Args) -> anyhow::Result { + let manifest_path = locate_manifest(&args)?; + + let mut cmd = cargo_metadata::MetadataCommand::new(); + cmd.manifest_path(manifest_path); + // TODO: allow customizing the target platform, etc. + cmd.exec().map_err(|e| e.into()) +} From 85225dc9b5458ca783586a871f5070d62783824e Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:38:50 +0100 Subject: [PATCH 05/26] Drop some more #[deny] directives that would break production builds Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/lib.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/cargo-cyclonedx/src/lib.rs b/cargo-cyclonedx/src/lib.rs index e0f62d2d..9bfad9cb 100644 --- a/cargo-cyclonedx/src/lib.rs +++ b/cargo-cyclonedx/src/lib.rs @@ -16,9 +16,6 @@ * SPDX-License-Identifier: Apache-2.0 */ -#![deny(clippy::all)] -#![deny(warnings)] - pub mod config; pub mod format; pub mod generator; From a358ce41d1fd55df86cdc3db61f0596a2e33e7f6 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 00:59:16 +0100 Subject: [PATCH 06/26] WIP conversion of create_sboms() to cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 13 +++++++++---- cargo-cyclonedx/src/main.rs | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index e5e329ab..8a0cb68a 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs 
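Review bot: `get_metadata` runs `cargo metadata` with default options, so resolution may reach the network and may create or rewrite `Cargo.lock` when it is missing or stale; the SBOM can then describe a dependency set that differs from what was actually built. For an SBOM tool it is worth pinning this, e.g. `cmd.other_options(vec!["--locked".to_string()]);`, or exposing it as a CLI flag alongside the TODO about the target platform. `MetadataCommand` also takes the `cargo` binary from the `CARGO` environment variable or `PATH`, which deserves a doc comment on this function so operators know which toolchain produced the data. Minor: `locate_manifest(&args)` passes `&&Args` (drop the extra `&`), and the last line reads more simply as `Ok(cmd.exec()?)`.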
@@ -29,6 +29,10 @@ use cargo::core::Resolve; use cargo::core::Workspace; use cargo::ops; +use cargo_metadata; +use cargo_metadata::Metadata as CargoMetadata; +use cargo_metadata::PackageId; + use cyclonedx_bom::external_models::normalized_string::NormalizedString; use cyclonedx_bom::external_models::spdx::SpdxExpression; use cyclonedx_bom::external_models::uri::{Purl, Uri}; @@ -55,15 +59,16 @@ pub struct SbomGenerator {} impl SbomGenerator { pub fn create_sboms( - ws: Workspace, + meta: CargoMetadata, config_override: &SbomConfig, ) -> Result, GeneratorError> { log::trace!( "Processing the workspace {} configuration", - ws.root_manifest().to_string_lossy() + meta.workspace_root ); - let workspace_config = config_from_toml(ws.custom_metadata())?; - let members: Vec = ws.members().cloned().collect(); + // TODO: restore custom TOML config support, or just gut it? + let workspace_config = config_from_toml(None)?; + let members: Vec = meta.workspace_members; let (package_ids, resolve) = ops::resolve_ws(&ws).map_err(|error| GeneratorError::CargoConfigError { diff --git a/cargo-cyclonedx/src/main.rs b/cargo-cyclonedx/src/main.rs index 1c73419a..91a6d2ca 100644 --- a/cargo-cyclonedx/src/main.rs +++ b/cargo-cyclonedx/src/main.rs @@ -72,7 +72,7 @@ fn main() -> anyhow::Result<()> { log::trace!("Running `cargo metadata` finished"); log::trace!("SBOM generation started"); - let boms = SbomGenerator::create_sboms(ws, &cli_config)?; + let boms = SbomGenerator::create_sboms(metadata, &cli_config)?; log::trace!("SBOM generation finished"); log::trace!("SBOM output started"); From f7d240cf313d3064601dc5c0ac83f5bda063c52a Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:28:25 +0100 Subject: [PATCH 07/26] convert create_sboms() and create_bom() to cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 61 +++++++++++++++++--------------- 1 file changed, 33 insertions(+), 28 deletions(-) 
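Review bot: In `create_sboms`, `config_from_toml(None)` silently discards any workspace-level SBOM settings from the manifest, so a configured output format or dependency scope is ignored without any signal to the user; the per-package call in the next commit's `@@ -69,20 +68,13 @@` hunk has the same problem. `cargo_metadata` exposes these tables as `meta.workspace_metadata` and `Package::metadata` (both `serde_json::Value`), so the TODO can be resolved by converting those instead of removing the feature. Until that lands, emit a `log::warn!` when either value is non-null so the ignored configuration is visible. The body of `create_sboms` continues outside this hunk.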
diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 8a0cb68a..c6e5673a 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -22,15 +22,10 @@ use crate::config::SbomConfig; use crate::format::Format; use crate::toml::config_from_toml; use crate::toml::ConfigError; -use cargo::core::dependency::DepKind; -use cargo::core::Package; -use cargo::core::PackageSet; -use cargo::core::Resolve; -use cargo::core::Workspace; -use cargo::ops; use cargo_metadata; use cargo_metadata::Metadata as CargoMetadata; +use cargo_metadata::Package; use cargo_metadata::PackageId; use cyclonedx_bom::external_models::normalized_string::NormalizedString; @@ -50,11 +45,15 @@ use cyclonedx_bom::validation::Validate; use once_cell::sync::Lazy; use regex::Regex; +use std::collections::BTreeMap; use std::convert::TryFrom; use std::{collections::BTreeSet, fs::File, path::PathBuf}; use thiserror::Error; use validator::validate_email; +// Maps from PackageId to Package for efficiency - faster lookups than in a Vec +type PackageMap = BTreeMap; + pub struct SbomGenerator {} impl SbomGenerator { 
@@ -69,20 +68,13 @@ impl SbomGenerator { // TODO: restore custom TOML config support, or just gut it? let workspace_config = config_from_toml(None)?; let members: Vec = meta.workspace_members; - - let (package_ids, resolve) = - ops::resolve_ws(&ws).map_err(|error| GeneratorError::CargoConfigError { - config_filepath: ws.root_manifest().to_string_lossy().to_string(), - error, - })?; + let packages = index_packages(meta.packages); let mut result = Vec::with_capacity(members.len()); for member in members.iter() { - log::trace!( - "Processing the package {} configuration", - member.manifest_path().to_string_lossy() - ); - let package_config = config_from_toml(member.manifest().custom_metadata())?; + log::trace!("Processing the package {} configuration", member); + // TODO: restore custom TOML config support, or just gut it? + let package_config = config_from_toml(None)?; let config = workspace_config .merge(&package_config) .merge(config_override); 
@@ -92,21 +84,24 @@ impl SbomGenerator { log::trace!("Config from config override: {:?}", config_override); log::debug!("Config from merged config: {:?}", config); - let dependencies = - if config.included_dependencies() == IncludedDependencies::AllDependencies { - all_dependencies(&members, &package_ids, &resolve)? - } else { - top_level_dependencies(member, &package_ids, &resolve)? - }; + // TODO: restore support for reporting top-level dependencies only + // (assuming that mode is compliant with the CycloneDX spec) - let bom = create_bom(member, dependencies)?; + // let dependencies = + // if config.included_dependencies() == IncludedDependencies::AllDependencies { + // all_dependencies(&members, &package_ids, &resolve)? + // } else { + // top_level_dependencies(member, &package_ids, &resolve)? + // }; + + let bom = create_bom(member, &packages)?; log::debug!("Bom validation: {:?}", &bom.validate()); let generated = GeneratedSbom { bom, - manifest_path: member.manifest_path().to_path_buf(), - package_name: member.name().to_string(), + manifest_path: packages[member].manifest_path.into_std_path_buf(), + package_name: packages[member].name.clone(), sbom_config: config, }; @@ -117,11 +112,21 @@ impl SbomGenerator { } } -fn create_bom(package: &Package, dependencies: BTreeSet) -> Result { +fn index_packages(packages: Vec) -> PackageMap { + packages + .into_iter() + .map(|pkg| (pkg.id.clone(), pkg)) + .collect() +} + +fn create_bom(package: &PackageId, dependencies: &PackageMap) -> Result { let mut bom = Bom::default(); + // TODO: add a filter to limit the dependency list to only the chosen package. + // This is not even a regression because the old code didn't do this either. + let components: Vec<_> = dependencies - .into_iter() + .values() .map(|package| create_component(&package)) .collect(); From 916372963e5e7455daee04dfa7771d691f7f29c4 Mon Sep 17 00:00:00 2001 
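Review bot: With the `included_dependencies()` branch commented out in the `@@ -92,21 +84,24 @@` hunk, a configuration that asks for top-level dependencies only now silently produces the full list; because consumers act on SBOM contents, log a warning or return an error when a non-default value is set rather than ignoring it. In the same hunk `packages[member]` panics if a workspace member id is missing from `meta.packages`; `packages.get(member)` mapped to `GeneratorError::PackageError` keeps that failure recoverable. The loop body starts outside this hunk.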
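Review bot: `create_bom` in the `@@ -117,11 +112,21 @@` hunk turns every entry of `dependencies.values()` into a component, which now includes the package itself and the other workspace members (the removed `all_dependencies` skipped members) plus whatever dev-, build- or other-platform packages `cargo metadata` lists by default. That over-reports what ships in the artifact, so vulnerability matching against the SBOM will flag code that is never linked. As a first step the root can be excluded with `dependencies.iter().filter(|(id, _)| *id != package).map(|(_, pkg)| create_component(pkg))`; the filter named in the TODO would then walk `meta.resolve` from `package`, which requires passing the resolve graph into `create_bom`. `index_packages` would also benefit from a one-line doc comment stating that the keys are `Package::id`.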
From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:41:28 +0100 Subject: [PATCH 08/26] Convert the rest of the generator functions to cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 41 +++++++++++++++----------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index c6e5673a..ba140528 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -132,7 +132,7 @@ fn create_bom(package: &PackageId, dependencies: &PackageMap) -> Result Result Component { - let name = package.name().to_owned().trim().to_string(); - let version = package.version().to_string(); + let name = package.name.to_owned().trim().to_string(); + let version = package.version.to_string(); let purl = match Purl::new("cargo", &name, &version) { Ok(purl) => Some(purl), Err(e) => { - log::error!("Package {} has an invalid Purl: {} ", package.name(), e); + log::error!("Package {} has an invalid Purl: {} ", package.name, e); None } }; @@ -164,8 +164,6 @@ fn create_component(package: &Package) -> Component { component.licenses = get_licenses(package); component.description = package - .manifest() - .metadata() .description .as_ref() .map(|s| NormalizedString::new(s)); @@ -174,7 +172,8 @@ fn create_component(package: &Package) -> Component { } fn get_classification(pkg: &Package) -> Classification { - if pkg.targets().iter().any(|tgt| tgt.is_bin()) { + // FIXME: this is almost certainly wrong + if pkg.targets.iter().any(|tgt| tgt.is_bin()) { return Classification::Application; } 
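Review bot: The `FIXME: this is almost certainly wrong` comment in `get_classification` (hunk `@@ -174,7 +172,8 @@`) does not say what is wrong, which leaves the next reader to rediscover it. As written, any dependency that ships a helper binary next to its library is classified as `Classification::Application` even though it is consumed as a library, which misleads consumers that filter SBOM components by type. I would expand the comment to state that, e.g. `// FIXME: a dependency with both lib and bin targets is reported as Application; only the root package should be`, and track the fix separately. The rest of the function is outside the hunk.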
@@ -184,9 +183,7 @@ fn get_classification(pkg: &Package) -> Classification { fn get_external_references(package: &Package) -> Option { let mut references = Vec::new(); - let metadata = package.manifest().metadata(); - - if let Some(documentation) = &metadata.documentation { + if let Some(documentation) = &package.documentation { match Uri::try_from(documentation.to_string()) { Ok(uri) => references.push(ExternalReference::new( ExternalReferenceType::Documentation, @@ -194,43 +191,43 @@ fn get_external_references(package: &Package) -> Option { )), Err(e) => log::error!( "Package {} has an invalid documentation URI ({}): {} ", - package.name(), + package.name, documentation, e ), } } - if let Some(website) = &metadata.homepage { + if let Some(website) = &package.homepage { match Uri::try_from(website.to_string()) { Ok(uri) => references.push(ExternalReference::new(ExternalReferenceType::Website, uri)), Err(e) => log::error!( "Package {} has an invalid homepage URI ({}): {} ", - package.name(), + package.name, website, e ), } } - if let Some(other) = &metadata.links { + if let Some(other) = &package.links { match Uri::try_from(other.to_string()) { Ok(uri) => references.push(ExternalReference::new(ExternalReferenceType::Other, uri)), Err(e) => log::error!( "Package {} has an invalid links URI ({}): {} ", - package.name(), + package.name, other, e ), } } - if let Some(vcs) = &metadata.repository { + if let Some(vcs) = &package.repository { match Uri::try_from(vcs.to_string()) { Ok(uri) => references.push(ExternalReference::new(ExternalReferenceType::Vcs, uri)), Err(e) => log::error!( "Package {} has an invalid repository URI ({}): {} ", - package.name(), + package.name, vcs, e ), 
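Review bot: `package.links` in the `@@ -194,43 +191,43 @@` hunk is the manifest `links` key, which names the native library a `-sys` crate links against rather than a URL, so `Uri::try_from(other.to_string())` will either log an "invalid links URI" error for such crates or record a meaningless `ExternalReferenceType::Other` reference. This predates the migration, but the new code carries it over unchanged. I would drop the `if let Some(other) = &package.links` block, or record the value as a property instead of an external reference. The function's tail is outside the hunk.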
@@ -247,13 +244,13 @@ fn get_external_references(package: &Package) -> Option { fn get_licenses(package: &Package) -> Option { let mut licenses = vec![]; - if let Some(license) = package.manifest().metadata().license.as_ref() { + if let Some(license) = package.license.as_ref() { match SpdxExpression::try_from(license.to_string()) { Ok(expression) => licenses.push(LicenseChoice::Expression(expression)), Err(err) => { log::error!( "Package {} has an invalid license expression, trying lax parsing ({}): {}", - package.name(), + package.name, license, err ); @@ -263,7 +260,7 @@ fn get_licenses(package: &Package) -> Option { Err(err) => { log::error!( "Package {} has an invalid license expression that could not be converted to a valid expression, using named license ({}): {}", - package.name(), + package.name, license, err ); @@ -276,7 +273,7 @@ fn get_licenses(package: &Package) -> Option { } if licenses.is_empty() { - log::trace!("Package {} has no licenses", package.name()); + log::trace!("Package {} has no licenses", package.name); return None; } @@ -308,7 +305,7 @@ fn create_authors(package: &Package) -> Vec { let mut authors = vec![]; let mut invalid_authors = vec![]; - for author in &package.manifest().metadata().authors { + for author in &package.authors { match parse_author(author) { Ok(author) => authors.push(author), Err(e) => invalid_authors.push((author, e)), From efc37f290a9e36be6f6103e74c1fe2e45a666de6 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:42:44 +0100 Subject: [PATCH 09/26] Comment out toplevel/all dependency filtering for now Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 122 +++++++++++++++---------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index ba140528..35fa36b4 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs 
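Review bot: `get_licenses` reads only `package.license`, so a crate that declares `license-file` instead falls through to the `has no licenses` trace in the `@@ -276,7 +273,7 @@` hunk and is emitted with no license data at all. `cargo_metadata::Package` also carries `license_file`; recording it as a named license, or at least logging that case at `warn` rather than `trace`, keeps the gap visible to anyone doing license compliance from the SBOM. The two parse-failure paths in the `@@ -247,13 +244,13 @@` and `@@ -263,7 +260,7 @@` hunks log at `error` although both recover with a fallback; `log::warn!` matches what actually happens. Parts of the function lie outside these hunks.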
@@ -378,67 +378,67 @@ pub enum GeneratorError { InvalidRegexError(#[source] regex::Error), } -fn top_level_dependencies( - member: &Package, - package_ids: &PackageSet<'_>, - resolve: &Resolve, -) -> Result, GeneratorError> { - log::trace!("Adding top-level dependencies to SBOM"); - let mut dependencies = BTreeSet::new(); - - let all_dependencies = resolve - .deps(member.package_id()) - .filter(move |r| r.0 != member.package_id()) - .flat_map(|(_, dependency)| dependency) - .filter(|d| d.kind() == DepKind::Normal); - - for dependency in all_dependencies { - log::trace!("Dependency: {dependency:?}"); - match package_ids - .package_ids() - .find(|id| dependency.matches_id(*id)) - { - Some(package_id) => { - let package = package_ids - .get_one(package_id) - .map_err(|error| GeneratorError::PackageError { package_id, error })?; - dependencies.insert(package.to_owned()); - } - None => { - log::warn!( - "Unable to find package for dependency (name: {}, req: {}, source_id: {})", - dependency.package_name(), - dependency.version_req(), - dependency.source_id(), - ); - } - } - } - - Ok(dependencies) -} - -fn all_dependencies( - members: &[Package], - package_ids: &PackageSet<'_>, - resolve: &Resolve, -) -> Result, GeneratorError> { - log::trace!("Adding all dependencies to SBOM"); - let mut dependencies = BTreeSet::new(); - - for package_id in resolve.iter() { - let package = package_ids - .get_one(package_id) - .map_err(|error| GeneratorError::PackageError { package_id, error })?; - if members.contains(package) { - // Skip listing our own packages in our workspace - continue; - } - dependencies.insert(package.to_owned()); - } - - Ok(dependencies) -} +// fn top_level_dependencies( +// member: &Package, +// package_ids: &PackageSet<'_>, +// resolve: &Resolve, +// ) -> Result, GeneratorError> { +// log::trace!("Adding top-level dependencies to SBOM"); +// let mut dependencies = BTreeSet::new(); + +// let all_dependencies = resolve +// .deps(member.package_id()) +// 
.filter(move |r| r.0 != member.package_id()) +// .flat_map(|(_, dependency)| dependency) +// .filter(|d| d.kind() == DepKind::Normal); + +// for dependency in all_dependencies { +// log::trace!("Dependency: {dependency:?}"); +// match package_ids +// .package_ids() +// .find(|id| dependency.matches_id(*id)) +// { +// Some(package_id) => { +// let package = package_ids +// .get_one(package_id) +// .map_err(|error| GeneratorError::PackageError { package_id, error })?; +// dependencies.insert(package.to_owned()); +// } +// None => { +// log::warn!( +// "Unable to find package for dependency (name: {}, req: {}, source_id: {})", +// dependency.package_name(), +// dependency.version_req(), +// dependency.source_id(), +// ); +// } +// } +// } + +// Ok(dependencies) +// } + +// fn all_dependencies( +// members: &[Package], +// package_ids: &PackageSet<'_>, +// resolve: &Resolve, +// ) -> Result, GeneratorError> { +// log::trace!("Adding all dependencies to SBOM"); +// let mut dependencies = BTreeSet::new(); + +// for package_id in resolve.iter() { +// let package = package_ids +// .get_one(package_id) +// .map_err(|error| GeneratorError::PackageError { package_id, error })?; +// if members.contains(package) { +// // Skip listing our own packages in our workspace +// continue; +// } +// dependencies.insert(package.to_owned()); +// } + +// Ok(dependencies) +// } /// Contains a generated SBOM and context used in its generation /// From b3f9ad4521ee2b2d543ec1e996df5e4e1a1ca96d Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:43:08 +0100 Subject: [PATCH 10/26] BEHOLD, IT COMPILES Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 35fa36b4..35f568f1 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs 
@@ -100,7 +100,7 @@ impl SbomGenerator { let generated = GeneratedSbom { bom, - manifest_path: packages[member].manifest_path.into_std_path_buf(), + manifest_path: packages[member].manifest_path.clone().into_std_path_buf(), package_name: packages[member].name.clone(), sbom_config: config, }; From dbd33673171763f7667b21943491b21998fc4699 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:44:57 +0100 Subject: [PATCH 11/26] Purge the last reference to Cargo internals Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 35f568f1..e82e53f0 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -360,7 +360,7 @@ pub enum GeneratorError { #[error("Error retrieving package information: {package_id}")] PackageError { - package_id: cargo::core::package_id::PackageId, + package_id: cargo_metadata::PackageId, #[source] error: anyhow::Error, }, From 7b52d4adfea14e4edd646fd3a1e3a9d9fdebbede Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 01:45:15 +0100 Subject: [PATCH 12/26] Remove Cargo from the dependency tree Signed-off-by: Sergey "Shnatsel" Davidoff --- Cargo.lock | 2104 +----------------------------------- cargo-cyclonedx/Cargo.toml | 1 - 2 files changed, 44 insertions(+), 2061 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 56769a72..6cd0b5e0 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -2,24 +2,6 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "adler" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" - -[[package]] -name = "ahash" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" -dependencies = [ - "cfg-if", - "getrandom", - "once_cell", - "version_check", -] - [[package]] name = "aho-corasick" version = "1.0.4" @@ -83,18 +65,6 @@ version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" -[[package]] -name = "arc-swap" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" - -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - [[package]] name = "assert_cmd" version = "2.0.12" 
@@ -131,24 +101,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" -[[package]] -name = "base16ct" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" - [[package]] name = "base64" version = "0.21.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" -[[package]] -name = "base64ct" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" - [[package]] name = "bitflags" version = "1.3.2" @@ -161,24 +119,6 @@ version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" -[[package]] -name = "bitmaps" -version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "031043d04099746d8db04daf1fa424b2bc8bd69d92b25962dcde24da39ab64a2" -dependencies = [ - "typenum", -] - -[[package]] -name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - [[package]] name = "bstr" version = "1.6.0" 
@@ -190,33 +130,12 @@ dependencies = [ "serde", ] -[[package]] -name = "btoi" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9dd6407f73a9b8b6162d8a2ef999fe6afd7cc15902ebf42c5cd296addf17e0ad" -dependencies = [ - "num-traits", -] - -[[package]] -name = "bumpalo" -version = "3.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" - [[package]] name = "bytes" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" -[[package]] -name = "bytesize" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e368af43e418a04d52505cf3dbc23dda4e3407ae2fa99fd0e4f308ce546acc" - [[package]] name = "camino" version = "1.1.6" 
@@ -226,74 +145,6 @@ dependencies = [ "serde", ] -[[package]] -name = "cargo" -version = "0.73.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34a16bd56ebd2e99fdb2a5fc4c520fb7dca5db914ef77d356bfe1257aef813e4" -dependencies = [ - "anyhow", - "base64", - "bytesize", - "cargo-platform", - "cargo-util", - "clap", - "crates-io", - "curl", - "curl-sys", - "env_logger", - "filetime", - "flate2", - "fwdansi", - "git2", - "git2-curl", - "gix", - "gix-features", - "glob", - "hex", - "hmac", - "home", - "http-auth", - "humantime", - "ignore", - "im-rc", - "indexmap 1.9.3", - "itertools", - "jobserver", - "lazycell", - "libc", - "libgit2-sys", - "log", - "memchr", - "opener", - "os_info", - "pasetors", - "pathdiff", - "pulldown-cmark", - "rand", - "rustfix", - "semver", - "serde", - "serde-value", - "serde_ignored", - "serde_json", - "sha1", - "shell-escape", - "strip-ansi-escapes", - "syn 2.0.29", - "tar", - "tempfile", - "termcolor", - "time", - "toml", - "toml_edit", - "unicode-width", - "unicode-xid", - "url", - "walkdir", - "windows-sys 0.48.0", -] - [[package]] name = "cargo-cyclonedx" version = "0.3.8" @@ -301,7 +152,6 @@ dependencies = [ "anyhow", "assert_cmd", "assert_fs", - "cargo", "cargo_metadata", "clap", "cyclonedx-bom", @@ -325,28 +175,6 @@ dependencies = [ "serde", ] -[[package]] -name = "cargo-util" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd54c8b94a0c851d687924460637361c355afafa72d973fe8644499fbdee8fae" -dependencies = [ - "anyhow", - "core-foundation", - "filetime", - "hex", - "jobserver", - "libc", - "log", - "miow", - "same-file", - "sha2", - "shell-escape", - "tempfile", - "walkdir", - "windows-sys 0.48.0", -] - [[package]] name = "cargo_metadata" version = "0.18.1" 
@@ -367,7 +195,6 @@ version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ - "jobserver", "libc", ] @@ -398,7 +225,6 @@ dependencies = [ "anstyle", "clap_lex", "strsim", - "terminal_size", ] [[package]] @@ -410,7 +236,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.29", + "syn", ] [[package]] @@ -419,12 +245,6 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd7cc57abe963c6d3b9d8be5b06ba7c8957a930305ca90304f24ef040aa6f961" -[[package]] -name = "clru" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8191fa7302e03607ff0e237d4246cc043ff5b3cb9409d995172ba3bea16b807" - [[package]] name = "colorchoice" version = "1.0.0" 
@@ -443,138 +263,6 @@ dependencies = [ "windows-sys 0.45.0", ] -[[package]] -name = "const-oid" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" - -[[package]] -name = "core-foundation" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" - -[[package]] -name = "cpufeatures" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" -dependencies = [ - "libc", -] - -[[package]] -name = "crates-io" -version = "0.37.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "876aa69b4afca5f2eb5e23daa3445930faf829bcb67075a20ffa884f11f8c57c" -dependencies = [ - "anyhow", - "curl", - "percent-encoding", - "serde", - "serde_json", - "url", -] - -[[package]] -name = "crc32fast" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" -dependencies = [ - "cfg-if", -] - -[[package]] -name = "crossbeam-channel" -version = "0.5.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" -dependencies = [ - "cfg-if", - "crossbeam-utils", -] - -[[package]] -name = "crossbeam-utils" -version = "0.8.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] - 
-[[package]] -name = "crypto-bigint" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15" -dependencies = [ - "generic-array", - "rand_core", - "subtle", - "zeroize", -] - -[[package]] -name = "crypto-common" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -dependencies = [ - "generic-array", - "typenum", -] - -[[package]] -name = "ct-codecs" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3b7eb4404b8195a9abb6356f4ac07d8ba267045c8d6d220ac4dc992e6cc75df" - -[[package]] -name = "curl" -version = "0.4.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "509bd11746c7ac09ebd19f0b17782eae80aadee26237658a6b4808afb5c11a22" -dependencies = [ - "curl-sys", - "libc", - "openssl-probe", - "openssl-sys", - "schannel", - "socket2", - "winapi", -] - -[[package]] -name = "curl-sys" -version = "0.4.65+curl-8.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "961ba061c9ef2fe34bbd12b807152d96f0badd2bebe7b90ce6c8c8b7572a0986" -dependencies = [ - "cc", - "libc", - "libnghttp2-sys", - "libz-sys", - "openssl-sys", - "pkg-config", - "vcpkg", - "winapi", -] - [[package]] name = "cyclonedx-bom" version = "0.4.1" @@ -595,17 +283,6 @@ dependencies = [ "xml-rs", ] -[[package]] -name = "der" -version = "0.7.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" -dependencies = [ - "const-oid", - "pem-rfc7468", - "zeroize", -] - [[package]] name = "deranged" version = "0.3.8" 
@@ -624,80 +301,18 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" -[[package]] -name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer", - "const-oid", - "crypto-common", - "subtle", -] - [[package]] name = "doc-comment" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" -[[package]] -name = "dunce" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" - -[[package]] -name = "ecdsa" -version = "0.16.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4" -dependencies = [ - "der", - "digest", - "elliptic-curve", - "rfc6979", - "signature", - "spki", -] - -[[package]] -name = "ed25519-compact" -version = "2.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a3d382e8464107391c8706b4c14b087808ecb909f6c15c34114bc42e53a9e4c" -dependencies = [ - "getrandom", -] - [[package]] name = "either" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" -[[package]] -name = "elliptic-curve" -version = "0.13.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" -dependencies = [ - "base16ct", - "crypto-bigint", - "digest", - "ff", - "generic-array", - "group", - "hkdf", - "pem-rfc7468", - "pkcs8", - "rand_core", - "sec1", - "subtle", - "zeroize", -] - [[package]] name = 
"encode_unicode" version = "0.3.6" @@ -744,60 +359,12 @@ dependencies = [ "libc", ] -[[package]] -name = "faster-hex" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9042d281a5eec0f2387f8c3ea6c4514e2cf2732c90a85aaf383b761ee3b290d" -dependencies = [ - "serde", -] - [[package]] name = "fastrand" version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" -[[package]] -name = "ff" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" -dependencies = [ - "rand_core", - "subtle", -] - -[[package]] -name = "fiat-crypto" -version = "0.1.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" - -[[package]] -name = "filetime" -version = "0.2.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4029edd3e734da6fe05b6cd7bd2960760a616bd2ddd0d59a0124746d6272af0" -dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "windows-sys 0.48.0", -] - -[[package]] -name = "flate2" -version = "1.0.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" -dependencies = [ - "crc32fast", - "libz-sys", - "miniz_oxide", -] - [[package]] name = "float-cmp" version = "0.9.0" 
@@ -822,27 +389,6 @@ dependencies = [ "percent-encoding", ] -[[package]] -name = "fwdansi" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08c1f5787fe85505d1f7777268db5103d80a7a374d2316a7ce262e57baf8f208" -dependencies = [ - "memchr", - "termcolor", -] - -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", - "zeroize", -] - [[package]] name = "getrandom" version = "0.2.10" 
@@ -850,736 +396,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi", - "wasm-bindgen", ] [[package]] -name = "git2" -version = "0.17.2" +name = "globset" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b989d6a7ca95a362cf2cfc5ad688b3a467be1f87e480b8dad07fee8c79b0044" +checksum = "759c97c1e17c55525b57192c06a267cda0ac5210b222d6b82189a2338fa1c13d" dependencies = [ - "bitflags 1.3.2", - "libc", - "libgit2-sys", + "aho-corasick", + "bstr", + "fnv", "log", - "openssl-probe", - "openssl-sys", - "url", + "regex", ] [[package]] -name = "git2-curl" -version = "0.18.0" +name = "globwalk" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8f8b7432b72928cff76f69e59ed5327f94a52763731e71274960dee72fe5f8c" -dependencies = [ - "curl", - "git2", - "log", - "url", -] - -[[package]] -name = "gix" -version = "0.45.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf2a03ec66ee24d1b2bae3ab718f8d14f141613810cb7ff6756f7db667f1cd82" -dependencies = [ - "gix-actor", - "gix-attributes", - "gix-commitgraph", - "gix-config", - "gix-credentials", - "gix-date", - "gix-diff", - "gix-discover", - "gix-features", - "gix-fs", - "gix-glob", - "gix-hash", - "gix-hashtable", - "gix-ignore", - "gix-index", - "gix-lock", - "gix-mailmap", - "gix-negotiate", - "gix-object", - "gix-odb", - "gix-pack", - "gix-path", - "gix-prompt", - "gix-protocol", - "gix-ref", - "gix-refspec", - "gix-revision", - "gix-sec", - "gix-tempfile", - "gix-transport", - "gix-traverse", - "gix-url", - "gix-utils", - "gix-validate", - "gix-worktree", - "log", - "once_cell", - "prodash", - "signal-hook", - "smallvec", - "thiserror", - "unicode-normalization", -] - -[[package]] -name = "gix-actor" -version = "0.21.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fe73f9f6be1afbf1bd5be919a9636fa560e2f14d42262a934423ed6760cd838" -dependencies = [ - "bstr", - "btoi", - "gix-date", - "itoa", - "nom", - "thiserror", -] - -[[package]] -name = "gix-attributes" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78b79590ac382f80d87e06416f5fcac6fee5d83dcb152a00ed0bdbaa988acc31" -dependencies = [ - "bstr", - "gix-glob", - "gix-path", - "gix-quote", - "kstring", - "log", - "smallvec", - "thiserror", - "unicode-bom", -] - -[[package]] -name = "gix-bitmap" -version = "0.2.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ccab4bc576844ddb51b78d81b4a42d73e6229660fa614dfc3d3999c874d1959" -dependencies = [ - "thiserror", -] - -[[package]] -name = "gix-chunk" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b42ea64420f7994000130328f3c7a2038f639120518870436d31b8bde704493" -dependencies = [ - "thiserror", -] - -[[package]] -name = "gix-command" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f28f654184b5f725c5737c7e4f466cbd8f0102ac352d5257eeab19647ee4256" -dependencies = [ - "bstr", -] - -[[package]] -name = "gix-commitgraph" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8490ae1b3d55c47e6a71d247c082304a2f79f8d0332c1a2f5693d42a2021a09" -dependencies = [ - "bstr", - "gix-chunk", - "gix-features", - "gix-hash", - "memmap2", - "thiserror", -] - -[[package]] -name = "gix-config" -version = "0.23.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f310120ae1ba8f0ca52fb22876ce9bad5b15c8ffb3eb7302e4b64a3b9f681c" -dependencies = [ - "bstr", - "gix-config-value", - "gix-features", - "gix-glob", - "gix-path", - "gix-ref", - "gix-sec", - "log", - "memchr", - "nom", - "once_cell", - "smallvec", - "thiserror", - "unicode-bom", 
-] - -[[package]] -name = "gix-config-value" -version = "0.12.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e874f41437441c02991dcea76990b9058fadfc54b02ab4dd06ab2218af43897" -dependencies = [ - "bitflags 2.4.0", - "bstr", - "gix-path", - "libc", - "thiserror", -] - -[[package]] -name = "gix-credentials" -version = "0.15.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f89fea8acd28f5ef8fa5042146f1637afd4d834bc8f13439d8fd1e5aca0d65" -dependencies = [ - "bstr", - "gix-command", - "gix-config-value", - "gix-path", - "gix-prompt", - "gix-sec", - "gix-url", - "thiserror", -] - -[[package]] -name = "gix-date" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc164145670e9130a60a21670d9b6f0f4f8de04e5dd256c51fa5a0340c625902" -dependencies = [ - "bstr", - "itoa", - "thiserror", - "time", -] - -[[package]] -name = "gix-diff" -version = "0.30.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9029ad0083cc286a4bd2f5b3bf66bb66398abc26f2731a2824cd5edfc41a0e33" -dependencies = [ - "gix-hash", - "gix-object", - "imara-diff", - "thiserror", -] - -[[package]] -name = "gix-discover" -version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aba9c6c0d1f2b2efe65581de73de4305004612d49c83773e783202a7ef204f46" -dependencies = [ - "bstr", - "dunce", - "gix-hash", - "gix-path", - "gix-ref", - "gix-sec", - "thiserror", -] - -[[package]] -name = "gix-features" -version = "0.30.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a8c493409bf6060d408eec9bbdd1b12ea351266b50012e2a522f75dfc7b8314" -dependencies = [ - "bytes", - "crc32fast", - "crossbeam-channel", - "flate2", - "gix-hash", - "libc", - "once_cell", - "parking_lot", - "prodash", - "sha1_smol", - "thiserror", - "walkdir", -] - -[[package]] -name = "gix-fs" -version = "0.2.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "30da8997008adb87f94e15beb7ee229f8a48e97af585a584bfee4a5a1880aab5" -dependencies = [ - "gix-features", -] - -[[package]] -name = "gix-glob" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd0ade1e80ab1f079703d1824e1daf73009096386aa7fd2f0477f6e4ac0a558e" -dependencies = [ - "bitflags 2.4.0", - "bstr", - "gix-features", - "gix-path", -] - -[[package]] -name = "gix-hash" -version = "0.11.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b422ff2ad9a0628baaad6da468cf05385bf3f5ab495ad5a33cce99b9f41092f" -dependencies = [ - "hex", - "thiserror", -] - -[[package]] -name = "gix-hashtable" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "385f4ce6ecf3692d313ca3aa9bd3b3d8490de53368d6d94bedff3af8b6d9c58d" -dependencies = [ - "gix-hash", - "hashbrown 0.14.0", - "parking_lot", -] - -[[package]] -name = "gix-ignore" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc6f7f101a0ccce808dbf7008ba131dede94e20257e7bde7a44cbb2f8c775625" -dependencies = [ - "bstr", - "gix-glob", - "gix-path", - "unicode-bom", -] - -[[package]] -name = "gix-index" -version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616ba958fabfb11263fa042c35690d48a6c7be4e9277e2c7e24ff263b3fe7b82" -dependencies = [ - "bitflags 2.4.0", - "bstr", - "btoi", - "filetime", - "gix-bitmap", - "gix-features", - "gix-hash", - "gix-lock", - "gix-object", - "gix-traverse", - "itoa", - "memmap2", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-lock" -version = "6.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ec5d5e6f07316d3553aa7425e3ecd935ec29882556021fe1696297a448af8d2" -dependencies = [ - "gix-tempfile", - "gix-utils", - "thiserror", -] - -[[package]] -name = "gix-mailmap" -version = "0.13.0" 
-source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4653701922c920e009f1bc4309feaff14882ade017770788f9a150928da3fa6a" -dependencies = [ - "bstr", - "gix-actor", - "thiserror", -] - -[[package]] -name = "gix-negotiate" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "945c3ef1e912e44a5f405fc9e924edf42000566a1b257ed52cb1293300f6f08c" -dependencies = [ - "bitflags 2.4.0", - "gix-commitgraph", - "gix-hash", - "gix-object", - "gix-revision", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-object" -version = "0.30.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8926c8f51c44dec3e709cb5dbc93deb9e8d4064c43c9efc54c158dcdfe8446c7" -dependencies = [ - "bstr", - "btoi", - "gix-actor", - "gix-features", - "gix-hash", - "gix-validate", - "hex", - "itoa", - "nom", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-odb" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b234d806278eeac2f907c8b5a105c4ba537230c1a9d9236d822bf0db291f8f3" -dependencies = [ - "arc-swap", - "gix-features", - "gix-hash", - "gix-object", - "gix-pack", - "gix-path", - "gix-quote", - "parking_lot", - "tempfile", - "thiserror", -] - -[[package]] -name = "gix-pack" -version = "0.36.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d2a14cb3156037eedb17d6cb7209b7180522b8949b21fd0fe3184c0a1d0af88" -dependencies = [ - "clru", - "gix-chunk", - "gix-diff", - "gix-features", - "gix-hash", - "gix-hashtable", - "gix-object", - "gix-path", - "gix-tempfile", - "gix-traverse", - "memmap2", - "parking_lot", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-packetline" -version = "0.16.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a374cb5eba089e3c123df4d996eb00da411bb90ec92cb35bffeeb2d22ee106a" -dependencies = [ - "bstr", - "faster-hex", - "thiserror", -] - -[[package]] 
-name = "gix-path" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18609c8cbec8508ea97c64938c33cd305b75dfc04a78d0c3b78b8b3fd618a77c" -dependencies = [ - "bstr", - "gix-trace", - "home", - "once_cell", - "thiserror", -] - -[[package]] -name = "gix-prompt" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c22decaf4a063ccae2b2108820c8630c01bd6756656df3fe464b32b8958a5ea" -dependencies = [ - "gix-command", - "gix-config-value", - "parking_lot", - "rustix 0.38.9", - "thiserror", -] - -[[package]] -name = "gix-protocol" -version = "0.33.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92a17058b45c461f0847528c5fb6ee6e76115e026979eb2d2202f98ee94f6c24" -dependencies = [ - "bstr", - "btoi", - "gix-credentials", - "gix-features", - "gix-hash", - "gix-transport", - "maybe-async", - "nom", - "thiserror", -] - -[[package]] -name = "gix-quote" -version = "0.4.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "475c86a97dd0127ba4465fbb239abac9ea10e68301470c9791a6dd5351cdc905" -dependencies = [ - "bstr", - "btoi", - "thiserror", -] - -[[package]] -name = "gix-ref" -version = "0.30.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebdd999256f4ce8a5eefa89999879c159c263f3493a951d62aa5ce42c0397e1c" -dependencies = [ - "gix-actor", - "gix-features", - "gix-fs", - "gix-hash", - "gix-lock", - "gix-object", - "gix-path", - "gix-tempfile", - "gix-validate", - "memmap2", - "nom", - "thiserror", -] - -[[package]] -name = "gix-refspec" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72bfd622abc86dd8ad1ec51b9eb77b4f1a766b94e3a1b87cf4a022c5b5570cf4" -dependencies = [ - "bstr", - "gix-hash", - "gix-revision", - "gix-validate", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-revision" -version = "0.15.2" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "5044f56cd7a487ce9b034cbe0252ae0b6b47ff56ca3dabd79bc30214d0932cd7" -dependencies = [ - "bstr", - "gix-date", - "gix-hash", - "gix-hashtable", - "gix-object", - "gix-revwalk", - "thiserror", -] - -[[package]] -name = "gix-revwalk" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc2623ba8747914f151f5e12b65adac576ab459dbed5f50a36c7a3e9cbf2d3ca" -dependencies = [ - "gix-commitgraph", - "gix-hash", - "gix-hashtable", - "gix-object", - "smallvec", - "thiserror", -] - -[[package]] -name = "gix-sec" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9615cbd6b456898aeb942cd75e5810c382fbfc48dbbff2fa23ebd2d33dcbe9c7" -dependencies = [ - "bitflags 2.4.0", - "gix-path", - "libc", - "windows", -] - -[[package]] -name = "gix-tempfile" -version = "6.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3785cb010e9dc5c446dfbf02bc1119fc17d3a48a27c029efcb3a3c32953eb10" -dependencies = [ - "gix-fs", - "libc", - "once_cell", - "parking_lot", - "signal-hook", - "signal-hook-registry", - "tempfile", -] - -[[package]] -name = "gix-trace" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96b6d623a1152c3facb79067d6e2ecdae48130030cf27d6eb21109f13bd7b836" - -[[package]] -name = "gix-transport" -version = "0.32.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a39ffed9a9078ed700605e064b15d7c6ae50aa65e7faa36ca6919e8081df15" -dependencies = [ - "base64", - "bstr", - "curl", - "gix-command", - "gix-credentials", - "gix-features", - "gix-packetline", - "gix-quote", - "gix-sec", - "gix-url", - "thiserror", -] - -[[package]] -name = "gix-traverse" -version = "0.26.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0842e984cb4bf26339dc559f3a1b8bf8cdb83547799b2b096822a59f87f33d9" -dependencies = [ 
- "gix-hash", - "gix-hashtable", - "gix-object", - "thiserror", -] - -[[package]] -name = "gix-url" -version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1663df25ac42047a2547618d2a6979a26f478073f6306997429235d2cd4c863" -dependencies = [ - "bstr", - "gix-features", - "gix-path", - "home", - "thiserror", - "url", -] - -[[package]] -name = "gix-utils" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b85d89dc728613e26e0ed952a19583744e7f5240fcd4aa30d6c824ffd8b52f0f" -dependencies = [ - "fastrand", -] - -[[package]] -name = "gix-validate" -version = "0.7.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba9b3737b2cef3dcd014633485f0034b0f1a931ee54aeb7d8f87f177f3c89040" -dependencies = [ - "bstr", - "thiserror", -] - -[[package]] -name = "gix-worktree" -version = "0.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d388ad962e8854402734a7387af8790f6bdbc8d05349052dab16ca4a0def50f6" -dependencies = [ - "bstr", - "filetime", - "gix-attributes", - "gix-features", - "gix-fs", - "gix-glob", - "gix-hash", - "gix-ignore", - "gix-index", - "gix-object", - "gix-path", - "io-close", - "thiserror", -] - -[[package]] -name = "glob" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" - -[[package]] -name = "globset" -version = "0.4.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "759c97c1e17c55525b57192c06a267cda0ac5210b222d6b82189a2338fa1c13d" -dependencies = [ - "aho-corasick", - "bstr", - "fnv", - "log", - "regex", -] - -[[package]] -name = "globwalk" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93e3af942408868f6934a7b85134a3230832b9977cf66125df2f9edcfce4ddcc" +checksum = 
"93e3af942408868f6934a7b85134a3230832b9977cf66125df2f9edcfce4ddcc" dependencies = [ "bitflags 1.3.2", "ignore", "walkdir", ] -[[package]] -name = "group" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" -dependencies = [ - "ff", - "rand_core", - "subtle", -] - -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - [[package]] name = "hashbrown" version = "0.14.0" @@ -1598,39 +442,6 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" -[[package]] -name = "hex" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" - -[[package]] -name = "hkdf" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" -dependencies = [ - "hmac", -] - -[[package]] -name = "hmac" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" -dependencies = [ - "digest", -] - -[[package]] -name = "home" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" -dependencies = [ - "windows-sys 0.48.0", -] - [[package]] name = "http" version = "0.2.9" 
@@ -1642,15 +453,6 @@ dependencies = [ "itoa", ] -[[package]] -name = "http-auth" -version = "0.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5430cacd7a1f9a02fbeb350dfc81a0e5ed42d81f3398cb0ba184017f85bdcfbc" -dependencies = [ - "memchr", -] - [[package]] name = "humantime" version = "2.1.0" @@ -1684,40 +486,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "im-rc" -version = "15.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af1955a75fa080c677d3972822ec4bad316169ab1cfc6c257a942c2265dbe5fe" -dependencies = [ - "bitmaps", - "rand_core", - "rand_xoshiro", - "sized-chunks", - "typenum", - "version_check", -] - -[[package]] -name = "imara-diff" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e98c1d0ad70fc91b8b9654b1f33db55e59579d3b3de2bffdced0fdb810570cb8" -dependencies = [ - "ahash", - "hashbrown 0.12.3", -] - -[[package]] -name = "indexmap" -version = "1.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" -dependencies = [ - "autocfg", - "hashbrown 0.12.3", -] - [[package]] name = "indexmap" version = "2.0.0" 
@@ -1725,44 +493,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" dependencies = [ "equivalent", - "hashbrown 0.14.0", -] - -[[package]] -name = "insta" -version = "1.33.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1aa511b2e298cd49b1856746f6bb73e17036bcd66b25f5e92cdcdbec9bd75686" -dependencies = [ - "console", - "globset", - "lazy_static", - "linked-hash-map", - "serde", - "similar", - "walkdir", - "yaml-rust", -] - -[[package]] -name = "io-close" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cadcf447f06744f8ce713d2d6239bb5bde2c357a452397a9ed90c625da390bc" -dependencies = [ - "libc", - "winapi", + "hashbrown", ] [[package]] -name = "io-lifetimes" -version = "1.0.11" +name = "insta" +version = "1.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +checksum = "1aa511b2e298cd49b1856746f6bb73e17036bcd66b25f5e92cdcdbec9bd75686" dependencies = [ - "hermit-abi", - "libc", - "windows-sys 0.48.0", + "console", + "globset", + "lazy_static", + "linked-hash-map", + "serde", + "similar", + "walkdir", + "yaml-rust", ] [[package]] @@ -1772,7 +519,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.9", + "rustix", "windows-sys 0.48.0", ] 
@@ -1791,195 +538,42 @@ version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" -[[package]] -name = "jobserver" -version = "0.1.26" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" -dependencies = [ - "libc", -] - -[[package]] -name = "js-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" -dependencies = [ - "wasm-bindgen", -] - -[[package]] -name = "kstring" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3066350882a1cd6d950d055997f379ac37fd39f81cd4d8ed186032eb3c5747" -dependencies = [ - "static_assertions", -] - [[package]] name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" - [[package]] name = "libc" version = "0.2.147" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" -[[package]] -name = "libgit2-sys" -version = "0.15.2+1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a80df2e11fb4a61f4ba2ab42dbe7f74468da143f1a75c74e11dee7c813f694fa" -dependencies = [ - "cc", - "libc", - "libssh2-sys", - "libz-sys", - "openssl-sys", - "pkg-config", -] - -[[package]] -name = "libnghttp2-sys" -version = "0.1.8+1.55.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fae956c192dadcdb5dace96db71fa0b827333cce7c7b38dc71446f024d8a340" 
-dependencies = [ - "cc", - "libc", -] - -[[package]] -name = "libssh2-sys" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dc8a030b787e2119a731f1951d6a773e2280c660f8ec4b0f5e1505a386e71ee" -dependencies = [ - "cc", - "libc", - "libz-sys", - "openssl-sys", - "pkg-config", - "vcpkg", -] - -[[package]] -name = "libz-sys" -version = "1.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d97137b25e321a73eef1418d1d5d2eda4d77e12813f8e6dead84bc52c5870a7b" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "linked-hash-map" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" -[[package]] -name = "linux-raw-sys" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" - [[package]] name = "linux-raw-sys" version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" -[[package]] -name = "lock_api" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" -dependencies = [ - "autocfg", - "scopeguard", -] - [[package]] name = "log" version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" -[[package]] -name = "maybe-async" -version = "0.2.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f1b8c13cb1f814b634a96b2c725449fe7ed464a7b8781de8688be5ffbd3f305" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "memchr" version = "2.5.0" source = 
"registry+https://github.com/rust-lang/crates.io-index" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" -[[package]] -name = "memmap2" -version = "0.5.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83faa42c0a078c393f6b29d5db232d8be22776a891f8f56e5284faee4a20b327" -dependencies = [ - "libc", -] - -[[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - -[[package]] -name = "miniz_oxide" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" -dependencies = [ - "adler", -] - -[[package]] -name = "miow" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52ffbca2f655e33c08be35d87278e5b18b89550a37dbd598c20db92f6a471123" -dependencies = [ - "windows-sys 0.42.0", -] - -[[package]] -name = "nom" -version = "7.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" -dependencies = [ - "memchr", - "minimal-lexical", -] - [[package]] name = "normalize-line-endings" version = "0.3.0" 
@@ -1995,92 +589,12 @@ dependencies = [ "autocfg", ] -[[package]] -name = "num_threads" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44" -dependencies = [ - "libc", -] - [[package]] name = "once_cell" version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" -[[package]] -name = "opener" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "293c15678e37254c15bd2f092314abb4e51d7fdde05c2021279c12631b54f005" -dependencies = [ - "bstr", - "winapi", -] - -[[package]] -name = "openssl-probe" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" - -[[package]] -name = "openssl-sys" -version = "0.9.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "866b5f16f90776b9bb8dc1e1802ac6f0513de3a7a7465867bfbc563dc737faac" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - -[[package]] -name = "ordered-float" -version = "2.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7940cf2ca942593318d07fcf2596cdca60a85c9e7fab408a5e21a4f9dcd40d87" -dependencies = [ - "num-traits", -] - -[[package]] -name = "orion" -version = "0.17.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b11468cc6afd61a126fe3f91cc4cc8a0dbe7917d0a4b5e8357ba91cc47444462" -dependencies = [ - "fiat-crypto", - "subtle", - "zeroize", -] - -[[package]] -name = "os_info" -version = "3.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "006e42d5b888366f1880eda20371fedde764ed2213dc8496f49622fa0c99cd5e" -dependencies = [ - "log", - "serde", - "winapi", -] - -[[package]] -name = "p384" -version = "0.13.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" -dependencies = [ - "ecdsa", - "elliptic-curve", - "primeorder", - "sha2", -] - [[package]] name = "packageurl" version = "0.3.0" 
@@ -2091,93 +605,12 @@ dependencies = [ "thiserror", ] -[[package]] -name = "parking_lot" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" -dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "smallvec", - "windows-targets 0.48.5", -] - -[[package]] -name = "pasetors" -version = "0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba765699a309908d55950919a3445e9491453e89b2587b1b2abe4143a48894c0" -dependencies = [ - "ct-codecs", - "ed25519-compact", - "getrandom", - "orion", - "p384", - "rand_core", - "regex", - "serde", - "serde_json", - "sha2", - "subtle", - "time", - "zeroize", -] - -[[package]] -name = "pathdiff" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8835116a5c179084a830efb3adc117ab007512b535bc1a21c991d3b32a6b44dd" - -[[package]] -name = "pem-rfc7468" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" -dependencies = [ - "base64ct", -] - [[package]] name = "percent-encoding" version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" -[[package]] -name = "pkcs8" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" -dependencies = [ - "der", - "spki", -] - -[[package]] -name = "pkg-config" -version = "0.3.27" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" - -[[package]] -name = "ppv-lite86" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - [[package]] name = "predicates" version = "3.0.3" 
@@ -2205,104 +638,36 @@ version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "368ba315fb8c5052ab692e68a0eefec6ec57b23a36959c14496f0b0df2c0cecf" dependencies = [ - "predicates-core", - "termtree", -] - -[[package]] -name = "pretty_assertions" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af7cee1a6c8a5b9208b3cb1061f10c0cb689087b3d8ce85fb9d2dd7a29b6ba66" -dependencies = [ - "diff", - "yansi", -] - -[[package]] -name = "primeorder" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" -dependencies = [ - "elliptic-curve", -] - -[[package]] -name = "proc-macro2" -version = "1.0.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "prodash" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d67eb4220992a4a052a4bb03cf776e493ecb1a3a36bab551804153d63486af7" -dependencies = [ - "parking_lot", -] - -[[package]] -name = "pulldown-cmark" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77a1a2f1f0a7ecff9c31abbe177637be0e97a0aef46cf8738ece09327985d998" -dependencies = [ - "bitflags 1.3.2", - "memchr", - "unicase", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rand" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "libc", - "rand_chacha", - "rand_core", + "predicates-core", + 
"termtree", ] [[package]] -name = "rand_chacha" -version = "0.3.1" +name = "pretty_assertions" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +checksum = "af7cee1a6c8a5b9208b3cb1061f10c0cb689087b3d8ce85fb9d2dd7a29b6ba66" dependencies = [ - "ppv-lite86", - "rand_core", + "diff", + "yansi", ] [[package]] -name = "rand_core" -version = "0.6.4" +name = "proc-macro2" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" dependencies = [ - "getrandom", + "unicode-ident", ] [[package]] -name = "rand_xoshiro" -version = "0.6.0" +name = "quote" +version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f97cdb2a36ed4183de61b2f824cc45c9f1037f28afe0a322e9fff4c108b5aaa" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ - "rand_core", + "proc-macro2", ] [[package]] 
@@ -2343,42 +708,6 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2" -[[package]] -name = "rfc6979" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" -dependencies = [ - "hmac", - "subtle", -] - -[[package]] -name = "rustfix" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecd2853d9e26988467753bd9912c3a126f642d05d229a4b53f5752ee36c56481" -dependencies = [ - "anyhow", - "log", - "serde", - "serde_json", -] - -[[package]] -name = "rustix" -version = "0.37.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06" -dependencies = [ - "bitflags 1.3.2", - "errno", - "io-lifetimes", - "libc", - "linux-raw-sys 0.3.8", - "windows-sys 0.48.0", -] - [[package]] name = "rustix" version = "0.38.9" @@ -2388,7 +717,7 @@ dependencies = [ "bitflags 2.4.0", "errno", "libc", - "linux-raw-sys 0.4.5", + "linux-raw-sys", "windows-sys 0.48.0", ] 
@@ -2407,35 +736,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "schannel" -version = "0.1.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" -dependencies = [ - "windows-sys 0.48.0", -] - -[[package]] -name = "scopeguard" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" - -[[package]] -name = "sec1" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" -dependencies = [ - "base16ct", - "der", - "generic-array", - "pkcs8", - "subtle", - "zeroize", -] - [[package]] name = "semver" version = "1.0.18" @@ -2454,16 +754,6 @@ dependencies = [ "serde_derive", ] -[[package]] -name = "serde-value" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3a1a3341211875ef120e117ea7fd5228530ae7e7036a779fdc9117be6b3282c" -dependencies = [ - "ordered-float", - "serde", -] - [[package]] name = "serde_derive" version = "1.0.188" @@ -2472,16 +762,7 @@ checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", -] - -[[package]] -name = "serde_ignored" -version = "0.1.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80c31d5c53fd39f208e770f5a20a0bb214dee2a8d0d8adba18e19ad95a482ca5" -dependencies = [ - "serde", + "syn", ] [[package]] 
@@ -2504,101 +785,18 @@ dependencies = [ "serde", ] -[[package]] -name = "sha1" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "sha1_smol" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" - -[[package]] -name = "sha2" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "shell-escape" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f" - -[[package]] -name = "signal-hook" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" -dependencies = [ - "libc", - "signal-hook-registry", -] - -[[package]] -name = "signal-hook-registry" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" -dependencies = [ - "libc", -] - -[[package]] -name = "signature" -version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" -dependencies = [ - "digest", - "rand_core", -] - [[package]] name = "similar" version = "2.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "420acb44afdae038210c99e69aae24109f32f15500aa708e81d46c9f29d55fcf" -[[package]] -name = "sized-chunks" -version = "0.6.5" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "16d69225bde7a69b235da73377861095455d298f2b970996eec25ddbb42b3d1e" -dependencies = [ - "bitmaps", - "typenum", -] - [[package]] name = "smallvec" version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" -[[package]] -name = "socket2" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "spdx" version = "0.10.2" 
@@ -2608,54 +806,12 @@ dependencies = [ "smallvec", ] -[[package]] -name = "spki" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" -dependencies = [ - "base64ct", - "der", -] - -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - -[[package]] -name = "strip-ansi-escapes" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "011cbb39cf7c1f62871aea3cc46e5817b0937b49e9447370c93cacbe93a766d8" -dependencies = [ - "vte", -] - [[package]] name = "strsim" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" -[[package]] -name = "subtle" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" - -[[package]] -name = "syn" -version = "1.0.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - [[package]] name = "syn" version = "2.0.29" @@ -2667,16 +823,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "tar" -version = "0.4.40" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" -dependencies = [ - "filetime", - "libc", -] - [[package]] name = "tempfile" version = "3.8.0" @@ -2686,7 +832,7 @@ dependencies = [ "cfg-if", "fastrand", "redox_syscall", - "rustix 0.38.9", + "rustix", "windows-sys 0.48.0", ] 
@@ -2699,16 +845,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "terminal_size" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e6bf6f19e9f8ed8d4048dc22981458ebcf406d67e94cd422e5ecd73d63b3237" -dependencies = [ - "rustix 0.37.23", - "windows-sys 0.48.0", -] - [[package]] name = "termtree" version = "0.4.1" @@ -2732,7 +868,7 @@ checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn", ] [[package]] @@ -2753,8 +889,6 @@ checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" dependencies = [ "deranged", "itoa", - "libc", - "num_threads", "serde", "time-core", "time-macros", @@ -2817,40 +951,19 @@ version = "0.19.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" dependencies = [ - "indexmap 2.0.0", + "indexmap", "serde", "serde_spanned", "toml_datetime", "winnow", ] -[[package]] -name = "typenum" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" - -[[package]] -name = "unicase" -version = "2.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7d2d4dafb69621809a81864c9c1b864479e1235c0dd4e199924b9742439ed89" -dependencies = [ - "version_check", -] - [[package]] name = "unicode-bidi" version = "0.3.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" -[[package]] -name = "unicode-bom" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98e90c70c9f0d4d1ee6d0a7d04aa06cb9bbd53d8cfbdd62a0269a7c2eb640552" - [[package]] name = "unicode-ident" version = "1.0.11" 
@@ -2866,18 +979,6 @@ dependencies = [ "tinyvec", ] -[[package]] -name = "unicode-width" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" - -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - [[package]] name = "url" version = "2.4.0" @@ -2919,39 +1020,6 @@ dependencies = [ "url", ] -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "vte" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6cbce692ab4ca2f1f3047fcf732430249c0e971bfdd2b234cf2c47ad93af5983" -dependencies = [ - "arrayvec", - "utf8parse", - "vte_generate_state_changes", -] - -[[package]] -name = "vte_generate_state_changes" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d257817081c7dffcdbab24b9e62d2def62e2ff7d00b1c20062551e6cccc145ff" -dependencies = [ - "proc-macro2", - "quote", -] - [[package]] name = "wait-timeout" version = "0.2.0" 
@@ -2977,60 +1045,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn 2.0.29", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.29", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" - [[package]] name = "winapi" version = "0.3.9" 
@@ -3062,30 +1076,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows" -version = "0.48.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" -dependencies = [ - "windows-targets 0.48.5", -] - -[[package]] -name = "windows-sys" -version = "0.42.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" -dependencies = [ - "windows_aarch64_gnullvm 0.42.2", - "windows_aarch64_msvc 0.42.2", - "windows_i686_gnu 0.42.2", - "windows_i686_msvc 0.42.2", - "windows_x86_64_gnu 0.42.2", - "windows_x86_64_gnullvm 0.42.2", - "windows_x86_64_msvc 0.42.2", -] - [[package]] name = "windows-sys" version = "0.45.0" @@ -3247,9 +1237,3 @@ name = "yansi" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec" - -[[package]] -name = "zeroize" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" diff --git a/cargo-cyclonedx/Cargo.toml b/cargo-cyclonedx/Cargo.toml index 869be78d..0a816d26 100644 --- a/cargo-cyclonedx/Cargo.toml +++ b/cargo-cyclonedx/Cargo.toml @@ -22,7 +22,6 @@ lto = "thin" [dependencies] anyhow = "1.0.75" -cargo = "0.73.0" cargo_metadata = "0.18.1" clap = { version = "4.4.0", features = ["derive"] } cyclonedx-bom = { version = "0.4.1", path = "../cyclonedx-bom" } From c3984238b57212c24a17467f8ab5dfae1cee0660 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 02:18:56 +0100 Subject: [PATCH 13/26] Re-enable reading config from Cargo.toml, even though this seems like a bad idea 
Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 10 +++++----- cargo-cyclonedx/src/main.rs | 12 ++++++------ cargo-cyclonedx/src/toml.rs | 30 +++++++++++++++++++++++------- 3 files changed, 34 insertions(+), 18 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index e82e53f0..774e8086 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -20,7 +20,7 @@ use crate::config::Pattern; use crate::config::Prefix; use crate::config::SbomConfig; use crate::format::Format; -use crate::toml::config_from_toml; +use crate::toml::config_from_file; use crate::toml::ConfigError; use cargo_metadata; @@ -47,6 +47,7 @@ use regex::Regex; use std::collections::BTreeMap; use std::convert::TryFrom; +use std::path::Path; use std::{collections::BTreeSet, fs::File, path::PathBuf}; use thiserror::Error; use validator::validate_email; @@ -60,21 +61,20 @@ impl SbomGenerator { pub fn create_sboms( meta: CargoMetadata, config_override: &SbomConfig, + manifest_path: &Path, ) -> Result, GeneratorError> { log::trace!( "Processing the workspace {} configuration", meta.workspace_root ); - // TODO: restore custom TOML config support, or just gut it? - let workspace_config = config_from_toml(None)?; + let workspace_config = config_from_file(manifest_path)?; let members: Vec = meta.workspace_members; let packages = index_packages(meta.packages); let mut result = Vec::with_capacity(members.len()); for member in members.iter() { log::trace!("Processing the package {} configuration", member); - // TODO: restore custom TOML config support, or just gut it? - let package_config = config_from_toml(None)?; + let package_config = config_from_file(manifest_path)?; let config = workspace_config .merge(&package_config) .merge(config_override); diff --git a/cargo-cyclonedx/src/main.rs b/cargo-cyclonedx/src/main.rs index 91a6d2ca..d8d723a2 100644 --- a/cargo-cyclonedx/src/main.rs 
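Review bot: In `create_sboms` (PATCH 13/26, hunk `@@ -60,21 +61,20 @@`), `package_config` is read from the same `manifest_path` as `workspace_config`, so the two are identical for every member and the first `merge` adds nothing; a member's own Cargo.toml is never consulted. If per-package configuration is intended, read the member's manifest, e.g. `let package_config = config_from_file(packages[member].manifest_path.as_std_path())?;`; otherwise drop the per-member read so the file is parsed once rather than once per member. Because this file belongs to the project being scanned, a short comment stating that `config_override` is merged last (and so appears to take precedence over the manifest) would help the next reader. The function body continues outside the hunk.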
+++ b/cargo-cyclonedx/src/main.rs @@ -48,7 +48,7 @@ use cargo_cyclonedx::generator::SbomGenerator; use std::{ io::{self}, - path::PathBuf, + path::{Path, PathBuf}, }; use cargo_metadata::{self, Metadata}; @@ -66,13 +66,15 @@ fn main() -> anyhow::Result<()> { setup_logging(&args)?; let cli_config = args.as_config()?; + let manifest_path = locate_manifest(&args)?; + log::debug!("Found the Cargo.toml file at {}", manifest_path.display()); log::trace!("Running `cargo metadata` started"); - let metadata = get_metadata(&args)?; + let metadata = get_metadata(&args, &manifest_path)?; log::trace!("Running `cargo metadata` finished"); log::trace!("SBOM generation started"); - let boms = SbomGenerator::create_sboms(metadata, &cli_config)?; + let boms = SbomGenerator::create_sboms(metadata, &cli_config, &manifest_path)?; log::trace!("SBOM generation finished"); log::trace!("SBOM output started"); @@ -126,9 +128,7 @@ fn locate_manifest(args: &Args) -> Result { } } -fn get_metadata(args: &Args) -> anyhow::Result { - let manifest_path = locate_manifest(&args)?; - +fn get_metadata(_args: &Args, manifest_path: &Path) -> anyhow::Result { let mut cmd = cargo_metadata::MetadataCommand::new(); cmd.manifest_path(manifest_path); // TODO: allow customizing the target platform, etc. diff --git a/cargo-cyclonedx/src/toml.rs b/cargo-cyclonedx/src/toml.rs index de04096d..dd8bd65a 100644 --- a/cargo-cyclonedx/src/toml.rs +++ b/cargo-cyclonedx/src/toml.rs 
@@ -21,9 +21,23 @@ use crate::format::Format; use serde::Deserialize; use std::convert::{TryFrom, TryInto}; +use std::path::Path; use std::str::FromStr; use thiserror::Error; +pub fn config_from_file(file: &Path) -> Result { + let file_contents = std::fs::read(file)?; + // we can .unwrap() here because Cargo.toml that's not UTF-8 will be rejected by Cargo + let string = std::str::from_utf8(&file_contents).unwrap(); + config_from_toml_str(string) +} + +pub fn config_from_toml_str(toml_text: &str) -> Result { + // we can .unwrap() here because Cargo.toml that's not valid TOML will be rejected by Cargo + let toml: toml::Value = toml::from_str(toml_text).unwrap(); + config_from_toml(Some(&toml)) +} + pub fn config_from_toml(value: Option<&toml::value::Value>) -> Result { if let Some(value) = value { let wrapper: ConfigWrapper = value @@ -195,7 +209,7 @@ impl From for config::Pattern { } } -#[derive(Error, Debug, PartialEq, Eq)] +#[derive(Error, Debug)] pub enum ConfigError { #[error("Failed to deserialize configuration from Toml: {0}")] TomlError(String), @@ -205,6 +219,9 @@ pub enum ConfigError { #[error("Invalid prefix from Toml")] CustomPrefixError(#[from] PrefixError), + + #[error("Failed to read the Cargo.toml file")] + IoError(#[from] std::io::Error), } #[cfg(test)] @@ -248,12 +265,11 @@ output_options = { cdx = true, pattern = "bom", prefix = "tacos" } let actual = actual .expect_err("Should not have been able to convert with mutually exclusive options"); - assert_eq!( - actual, - ConfigError::ValidationError( - "OutputOptions can contain either prefix or pattern, got both".to_string() - ) - ); + match actual { + ConfigError::ValidationError(_) => (), // the expected outcome + _ => panic!("OutputOptions can contain either prefix or pattern, got both, and validation failed to catch that") + + } } #[test] From 73422173edc07c52784ea94c3a720625af6a71c5 Mon Sep 17 00:00:00 2001 
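Review bot: `config_from_file` and `config_from_toml_str` (hunk `@@ -21,9 +21,23 @@`) are `pub` yet panic on malformed input. The two `.unwrap()` calls rely on Cargo having already validated the file, which does not hold for other callers of these functions, or if the file changes between the `cargo metadata` run and this read. Both failures already have a place in `ConfigError`: `let string = std::fs::read_to_string(file)?;` routes invalid UTF-8 through the `IoError` variant this commit adds, and `toml::from_str(toml_text).map_err(|e| ConfigError::TomlError(e.to_string()))?` covers invalid TOML.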
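Review bot: The rewritten test (hunk `@@ -248,12 +265,11 @@`) no longer checks the validation message, and the `panic!` text reads like the expected error rather than a description of what went wrong in the test. The message can still be pinned without `PartialEq` on `ConfigError` by binding it: `ConfigError::ValidationError(msg) => assert_eq!(msg, "OutputOptions can contain either prefix or pattern, got both"),` followed by `other => panic!("expected ValidationError, got {other:?}"),`. The test function starts outside the hunk.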
From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 05:43:04 +0100 Subject: [PATCH 14/26] Do not assert any specific error message on invalid Cargo.toml in tests, since we do not control cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/tests/cli.rs | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/cargo-cyclonedx/tests/cli.rs b/cargo-cyclonedx/tests/cli.rs index 6e13e46d..30bca507 100644 --- a/cargo-cyclonedx/tests/cli.rs +++ b/cargo-cyclonedx/tests/cli.rs @@ -24,11 +24,7 @@ fn manifest_doesnt_exist() -> Result<(), Box> { cmd.assert() .failure() - .stdout("") - .stderr(predicate::str::contains(format!( - "Error: failed to read `{}`", - tmp_dir.path().join("Cargo.toml").display(), - ))); + .stdout(""); tmp_dir.close()?; @@ -48,11 +44,7 @@ fn manifest_is_invalid() -> Result<(), Box> { cmd.assert() .failure() - .stdout("") - .stderr(predicate::str::contains(format!( - "Error: failed to parse manifest at `{}`", - tmp_file.path().display(), - ))); + .stdout(""); tmp_file.close()?; From 0bdd508572a0585df2eeb42aaca156005bfbe79f Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:01:28 +0100 Subject: [PATCH 15/26] Add a comment explaining that the configuration does not work correctly at present Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/toml.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cargo-cyclonedx/src/toml.rs b/cargo-cyclonedx/src/toml.rs index dd8bd65a..b823d126 100644 --- a/cargo-cyclonedx/src/toml.rs +++ b/cargo-cyclonedx/src/toml.rs 
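Review bot: After this change both `manifest_doesnt_exist` and `manifest_is_invalid` (PATCH 14/26, hunks `@@ -24,11 +24,7 @@` and `@@ -44,11 +40,7 @@`) assert only a non-zero exit and empty stdout, which a panic would satisfy just as well as a reported error. Since the exact cargo-metadata wording is outside this project's control, assert something that is not: for example `.stderr(predicate::str::contains("panicked").not())` (assuming the predicates prelude is in scope), or `.code(1)` if these errors are always returned from `main`. Both test functions start outside their hunks.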
@@ -25,6 +25,11 @@ use std::path::Path; use std::str::FromStr; use thiserror::Error; +// FIXME: this currently reads from `[cyclonedx]` instead of `[workspace.metadata.cyclonedx]` +// or [package.metadata.cyclonedx]. This is a regression from 0.3.8. +// This is not yet fixed because the jury is still out on whether we want this mechanism at all: +// https://github.com/CycloneDX/cyclonedx-rust-cargo/issues/495 + pub fn config_from_file(file: &Path) -> Result { let file_contents = std::fs::read(file)?; // we can .unwrap() here because Cargo.toml that's not UTF-8 will be rejected by Cargo From e519aef3d803af87366b841b4655289db427ff46 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:23:49 +0100 Subject: [PATCH 16/26] cargo fmt Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/tests/cli.rs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/cargo-cyclonedx/tests/cli.rs b/cargo-cyclonedx/tests/cli.rs index 30bca507..56572502 100644 --- a/cargo-cyclonedx/tests/cli.rs +++ b/cargo-cyclonedx/tests/cli.rs @@ -22,9 +22,7 @@ fn manifest_doesnt_exist() -> Result<(), Box> { let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME"))?; cmd.current_dir(tmp_dir.path()).arg("cyclonedx"); - cmd.assert() - .failure() - .stdout(""); + cmd.assert().failure().stdout(""); tmp_dir.close()?; @@ -42,9 +40,7 @@ fn manifest_is_invalid() -> Result<(), Box> { .arg("--manifest-path") .arg(tmp_file.path()); - cmd.assert() - .failure() - .stdout(""); + cmd.assert().failure().stdout(""); tmp_file.close()?; From 1b7372e22217eda00b1fdac6e4b1e34bee14a53b Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:24:21 +0100 Subject: [PATCH 17/26] Reimplement filtering of top-level dependencies Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 74 ++++++++++++++++---------------- 1 file changed, 37 insertions(+), 37 deletions(-) 
diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 774e8086..f717d501 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -25,6 +25,7 @@ use crate::toml::ConfigError; use cargo_metadata; use cargo_metadata::Metadata as CargoMetadata; +use cargo_metadata::Node; use cargo_metadata::Package; use cargo_metadata::PackageId; @@ -54,6 +55,7 @@ use validator::validate_email; // Maps from PackageId to Package for efficiency - faster lookups than in a Vec type PackageMap = BTreeMap; +type ResolveMap = BTreeMap; pub struct SbomGenerator {} @@ -70,6 +72,7 @@ impl SbomGenerator { let workspace_config = config_from_file(manifest_path)?; let members: Vec = meta.workspace_members; let packages = index_packages(meta.packages); + let resolve = index_resolve(meta.resolve.unwrap().nodes); let mut result = Vec::with_capacity(members.len()); for member in members.iter() { @@ -119,6 +122,13 @@ fn index_packages(packages: Vec) -> PackageMap { .collect() } +fn index_resolve(packages: Vec) -> ResolveMap { + packages + .into_iter() + .map(|pkg| (pkg.id.clone(), pkg)) + .collect() +} + fn create_bom(package: &PackageId, dependencies: &PackageMap) -> Result { let mut bom = Bom::default(); 
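Review bot: `meta.resolve.unwrap()` in `create_sboms` (PATCH 17/26, hunk `@@ -70,6 +72,7 @@`) panics when the metadata carries no resolve graph, which cargo-metadata reports as `None` when dependencies were not resolved (for example with `--no-deps`). `create_sboms` is public and receives `CargoMetadata` from its caller, so this is better surfaced as a `GeneratorError` (a dedicated variant, name to be chosen) via `.ok_or(...)?` than as an unwrap. The function body continues outside the hunk.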
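Review bot: In `index_resolve` (hunk `@@ -119,6 +122,13 @@`) the parameter and closure variable are named `packages` and `pkg` although they hold `Node` values, apparently copied from `index_packages`. Renaming them, `fn index_resolve(nodes: Vec<Node>) -> ResolveMap` with `.map(|node| (node.id.clone(), node))`, keeps the two helpers from being confused; a one-line `///` comment saying the map is keyed by `PackageId` would match the comment on `PackageMap`.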
@@ -378,45 +388,35 @@ pub enum GeneratorError { InvalidRegexError(#[source] regex::Error), } -// fn top_level_dependencies( -// member: &Package, -// package_ids: &PackageSet<'_>, -// resolve: &Resolve, -// ) -> Result, GeneratorError> { -// log::trace!("Adding top-level dependencies to SBOM"); -// let mut dependencies = BTreeSet::new(); +fn top_level_dependencies( + member: &PackageId, + packages: &PackageMap, + resolve: &ResolveMap, +) -> (PackageMap, ResolveMap) { + log::trace!("Adding top-level dependencies to SBOM"); + let direct_dep_ids = resolve[member].dependencies.as_slice(); + + // FIXME: also include the root package. + // We will need it for the dependency graph later, + // but the previous code omitted it from components, + // so we emulate the behavior of the previous code for now. + + let mut pkg_result = PackageMap::new(); + for id in direct_dep_ids { + pkg_result.insert(id.to_owned(), packages[id].to_owned()); + } -// let all_dependencies = resolve -// .deps(member.package_id()) -// .filter(move |r| r.0 != member.package_id()) -// .flat_map(|(_, dependency)| dependency) -// .filter(|d| d.kind() == DepKind::Normal); - -// for dependency in all_dependencies { -// log::trace!("Dependency: {dependency:?}"); -// match package_ids -// .package_ids() -// .find(|id| dependency.matches_id(*id)) -// { -// Some(package_id) => { -// let package = package_ids -// .get_one(package_id) -// .map_err(|error| GeneratorError::PackageError { package_id, error })?; -// dependencies.insert(package.to_owned()); -// } -// None => { -// log::warn!( -// "Unable to find package for dependency (name: {}, req: {}, source_id: {})", -// dependency.package_name(), -// dependency.version_req(), -// dependency.source_id(), -// ); -// } -// } -// } + let mut resolve_result = ResolveMap::new(); + for id in direct_dep_ids { + // Clear all depedencies, pretend there is only one level + let mut node = resolve[id].clone(); + node.deps = Vec::new(); + node.dependencies = Vec::new(); + 
resolve_result.insert(id.to_owned(), node); + } -// Ok(dependencies) -// } + (pkg_result, resolve_result) +} // fn all_dependencies( // members: &[Package], From edc3583c0edc51efe90781eba0f4020a6cfbed56 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:34:54 +0100 Subject: [PATCH 18/26] Also reimplement all_dependencies() with cargo-metadata Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 43 +++++++++++++++----------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index f717d501..784c79af 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -396,8 +396,8 @@ fn top_level_dependencies( log::trace!("Adding top-level dependencies to SBOM"); let direct_dep_ids = resolve[member].dependencies.as_slice(); - // FIXME: also include the root package. - // We will need it for the dependency graph later, + // FIXME: also include the root package? + // We need it for the dependency graph, // but the previous code omitted it from components, // so we emulate the behavior of the previous code for now. 
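Review bot: `resolve[member].dependencies` in the new `top_level_dependencies` lists every dependency id of the member regardless of kind, whereas the removed implementation kept only `DepKind::Normal`. As written, dev- and build-dependencies become top-level SBOM components, which inflates the component list that downstream vulnerability matching relies on. The kind information is on `Node::deps` (`NodeDep::dep_kinds`), so the direct ids can be filtered before the two loops; this needs `cargo_metadata::DependencyKind` in scope. Separately, `resolve[member]` and `packages[id]` panic on a missing key although the old code returned `GeneratorError::PackageError`; that is probably unreachable for well-formed metadata, but a comment stating the assumption would help.

```rust
    log::trace!("Adding top-level dependencies to SBOM");
    // Keep only dependencies that have at least one normal (non-dev, non-build) edge.
    let normal_dep_ids: Vec<PackageId> = resolve[member]
        .deps
        .iter()
        .filter(|dep| {
            dep.dep_kinds
                .iter()
                .any(|info| info.kind == DependencyKind::Normal)
        })
        .map(|dep| dep.pkg.clone())
        .collect();
    let direct_dep_ids = normal_dep_ids.as_slice();
    // … unchanged: building pkg_result and resolve_result from direct_dep_ids …
```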
@@ -418,27 +418,24 @@ fn top_level_dependencies( (pkg_result, resolve_result) } -// fn all_dependencies( -// members: &[Package], -// package_ids: &PackageSet<'_>, -// resolve: &Resolve, -// ) -> Result, GeneratorError> { -// log::trace!("Adding all dependencies to SBOM"); -// let mut dependencies = BTreeSet::new(); - -// for package_id in resolve.iter() { -// let package = package_ids -// .get_one(package_id) -// .map_err(|error| GeneratorError::PackageError { package_id, error })?; -// if members.contains(package) { -// // Skip listing our own packages in our workspace -// continue; -// } -// dependencies.insert(package.to_owned()); -// } - -// Ok(dependencies) -// } +fn all_dependencies( + member: &PackageId, + packages: &PackageMap, + resolve: &ResolveMap, +) -> (PackageMap, ResolveMap) { + log::trace!("Adding all dependencies to SBOM"); + + // FIXME: also include the root package, see top_level_dependencies() + + // FIXME: run BFS to filter out irrelevant dependencies, + // such as dev dependencies that do not affect the final binary + // or dependencies of other packages in the workspace + + let mut pkg_result = packages.clone(); + pkg_result.remove(member); + + (pkg_result, resolve.clone()) +} /// Contains a generated SBOM and context used in its generation /// From e0a4cb524bd1857f2710d03a2fc44f9267a5ce1d Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:37:55 +0100 Subject: [PATCH 19/26] Make top_level_dependencies() consistent with all_dependencies() in outputting the toplevel package in resolve Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 784c79af..c2ce7238 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs 
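Review bot: The new `all_dependencies` removes only `member` from the package map, while the removed implementation skipped every workspace member (`if members.contains(package) { continue; }`). In a multi-package workspace each member's SBOM would therefore list its sibling crates as components. The FIXME covers dev-dependencies and the dependencies of other workspace packages, but not the sibling packages themselves. Since the function no longer receives the member list, the minimal step is to record that in the comment, e.g. `// FIXME: other workspace members are no longer skipped, unlike the previous implementation`.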
@@ -407,6 +407,7 @@ fn top_level_dependencies( } let mut resolve_result = ResolveMap::new(); + resolve_result.insert(member.to_owned(), resolve[member].clone()); for id in direct_dep_ids { // Clear all depedencies, pretend there is only one level let mut node = resolve[id].clone(); From d61cc753a1f59d43e9e55fa6739cd674c535e1da Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:40:28 +0100 Subject: [PATCH 20/26] Re-enable selection of direct deps only or all deps Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index c2ce7238..0ccbec58 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -87,17 +87,14 @@ impl SbomGenerator { log::trace!("Config from config override: {:?}", config_override); log::debug!("Config from merged config: {:?}", config); - // TODO: restore support for reporting top-level dependencies only - // (assuming that mode is compliant with the CycloneDX spec) - - // let dependencies = - // if config.included_dependencies() == IncludedDependencies::AllDependencies { - // all_dependencies(&members, &package_ids, &resolve)? - // } else { - // top_level_dependencies(member, &package_ids, &resolve)? - // }; - - let bom = create_bom(member, &packages)?; + let (dependencies, resolve) = + if config.included_dependencies() == IncludedDependencies::AllDependencies { + all_dependencies(member, &packages, &resolve) + } else { + top_level_dependencies(member, &packages, &resolve) + }; + + let bom = create_bom(member, &dependencies)?; log::debug!("Bom validation: {:?}", &bom.validate()); From 062319015374aaced91c93edd3046657e51f498a Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:41:10 +0100 Subject: [PATCH 21/26] Drop unused import 
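Review bot: In the `@@ -87,17 +87,14 @@` hunk, `let (dependencies, resolve) = …` rebinds `resolve` inside the per-member loop while the right-hand side still reads the outer, workspace-wide `resolve` map. The shadowing is legal, but any later line in the loop body that says `resolve` silently gets the filtered per-member map instead of the full graph. A distinct name keeps the two apart: `let (dependencies, member_resolve) =`. The loop body continues outside the hunk.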
Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 0ccbec58..5ab46c58 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -49,7 +49,8 @@ use regex::Regex; use std::collections::BTreeMap; use std::convert::TryFrom; use std::path::Path; -use std::{collections::BTreeSet, fs::File, path::PathBuf}; +use std::path::PathBuf; +use std::fs::File; use thiserror::Error; use validator::validate_email; From ade4077f88fab8e759edac449c27970b1c51b34f Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 06:46:07 +0100 Subject: [PATCH 22/26] Include the root package in the output of top_level_dependencies() and all_dependencies(), it is required for correctness Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 5ab46c58..6dcbb524 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -48,9 +48,9 @@ use regex::Regex; use std::collections::BTreeMap; use std::convert::TryFrom; +use std::fs::File; use std::path::Path; use std::path::PathBuf; -use std::fs::File; use thiserror::Error; use validator::validate_email; 
@@ -394,12 +394,8 @@ fn top_level_dependencies( log::trace!("Adding top-level dependencies to SBOM"); let direct_dep_ids = resolve[member].dependencies.as_slice(); - // FIXME: also include the root package? - // We need it for the dependency graph, - // but the previous code omitted it from components, - // so we emulate the behavior of the previous code for now. - let mut pkg_result = PackageMap::new(); + pkg_result.insert(member.to_owned(), packages[member].to_owned()); for id in direct_dep_ids { pkg_result.insert(id.to_owned(), packages[id].to_owned()); } @@ -424,16 +420,11 @@ fn all_dependencies( ) -> (PackageMap, ResolveMap) { log::trace!("Adding all dependencies to SBOM"); - // FIXME: also include the root package, see top_level_dependencies() - // FIXME: run BFS to filter out irrelevant dependencies, // such as dev dependencies that do not affect the final binary // or dependencies of other packages in the workspace - let mut pkg_result = packages.clone(); - pkg_result.remove(member); - - (pkg_result, resolve.clone()) + (packages.clone(), resolve.clone()) } /// Contains a generated SBOM and context used in its generation From 39b34264302ac8943eb14ef77a862720c4f10623 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 07:02:19 +0100 Subject: [PATCH 23/26] Fix a test that was creating an invalid dependency without a lib target, which was ignored by cargo Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/tests/cli.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cargo-cyclonedx/tests/cli.rs b/cargo-cyclonedx/tests/cli.rs index 56572502..c2e9dacc 100644 --- a/cargo-cyclonedx/tests/cli.rs +++ b/cargo-cyclonedx/tests/cli.rs @@ -94,7 +94,7 @@ fn find_content_in_stderr() -> Result<(), Box> { let license = "TEST"; let pkg_dir = tmp_dir.child(pkg_name); - pkg_dir.child("src/main.rs").touch()?; + pkg_dir.child("src/lib.rs").touch()?; pkg_dir.child("Cargo.toml").write_str(&format!( r#" 
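Review bot: After the `@@ -424,16 +420,11 @@` hunk, `all_dependencies` no longer uses its `member` parameter: the body is reduced to `(packages.clone(), resolve.clone())`, so rustc will report an unused variable. If the parameter is kept for symmetry with `top_level_dependencies` and for the BFS named in the remaining FIXME, mark that explicitly with `_member: &PackageId,` or a short comment. The parameter list itself is outside the hunk; the name is taken from the earlier commit that introduced the function. Both functions now clone whole maps once per workspace member, which is worth keeping in mind when the BFS is added.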
From 416914d94fe3b9fa83d6fd1e7f29722e6ca18696 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 07:04:37 +0100 Subject: [PATCH 24/26] Suppress the warning about resolve being unused for now Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 6dcbb524..61113f09 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -88,7 +88,7 @@ impl SbomGenerator { log::trace!("Config from config override: {:?}", config_override); log::debug!("Config from merged config: {:?}", config); - let (dependencies, resolve) = + let (dependencies, _resolve) = if config.included_dependencies() == IncludedDependencies::AllDependencies { all_dependencies(member, &packages, &resolve) } else { From 6a731f50731dc4f7fe1d0dca6321adf890d01c85 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 07:06:25 +0100 Subject: [PATCH 25/26] Omit the toplevel package from the list of components Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index 61113f09..d895fd13 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -135,6 +135,7 @@ fn create_bom(package: &PackageId, dependencies: &PackageMap) -> Result = dependencies .values() + .filter(|p| &p.id != package) .map(|package| create_component(&package)) .collect(); From 819b269169b4aaf5c76e9c18240ff7d7cfff51ed Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Thu, 26 Oct 2023 21:45:22 +0000 Subject: [PATCH 26/26] Fix typo in comment Co-authored-by: Lars Francke Signed-off-by: Sergey "Shnatsel" Davidoff --- cargo-cyclonedx/src/generator.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
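Review bot: The added `.filter(|p| &p.id != package)` in `create_bom` depends on the caller now passing the root package inside `dependencies`, but nothing in the function says so, and the closure on the following line rebinds `package` to a different type. A short comment above the filter would record the contract: `// dependencies also contains the root package; it must not be listed as its own component`. Renaming the closure parameters (`|dep| &dep.id != package`, then `|dep| create_component(dep)`) would remove the shadowing; the `.map` line is context here, so that part would be a follow-up. The function body starts and ends outside the hunk.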
diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs index d895fd13..ac857ee4 100644 --- a/cargo-cyclonedx/src/generator.rs +++ b/cargo-cyclonedx/src/generator.rs @@ -404,7 +404,7 @@ fn top_level_dependencies( let mut resolve_result = ResolveMap::new(); resolve_result.insert(member.to_owned(), resolve[member].clone()); for id in direct_dep_ids { - // Clear all depedencies, pretend there is only one level + // Clear all dependencies, pretend there is only one level let mut node = resolve[id].clone(); node.deps = Vec::new(); node.dependencies = Vec::new();