From 05284027cc40eea942e2b6275fe1c990f9e36254 Mon Sep 17 00:00:00 2001
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Sat, 2 Dec 2023 20:49:51 +1100
Subject: [PATCH 1/6] Add cargo audit CI action
---
 .github/workflows/audit.yml | 44 +++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .github/workflows/audit.yml
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 000000000000..3c9ddb11cfce
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,44 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: audit
+
+concurrency:
+ group: ${{ github.repository }}-${{ github.head_ref || github.sha }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+# trigger for all PRs that touch certain files and changes to master
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+
+jobs:
+ cargo-audit:
+ name: Audit
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+ - uses: rustsec/audit-check@v1.4.1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
From 831b3982c802a8460fa0add31b922d532523a949 Mon Sep 17 00:00:00 2001
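Review bot: The `on:` block only fires for pushes to master and for PRs touching `Cargo.toml`/`Cargo.lock`, so an advisory published against a dependency that is already merged is not surfaced until someone next edits those files; add a `schedule:` trigger (e.g. `- cron: '0 0 * * *'`) next to the existing ones so the committed lockfile is re-audited on a timer. The job also declares no `permissions:` block, so the `GITHUB_TOKEN` handed to the audit step carries the repository's default token permissions rather than the minimum; a top-level `permissions: { contents: read }` (adding `issues: write` only if the action's issue-filing feature is wanted — I have not verified what `rustsec/audit-check@v1.4.1` requires) keeps that tight. `submodules: true` on the checkout is not needed to audit a lockfile and only slows the job.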
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Tue, 5 Dec 2023 23:30:55 +1100
Subject: [PATCH 2/6] Update Cargo.toml descriptions
---
 arrow-csv/Cargo.toml | 2 +-
 arrow-json/Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arrow-csv/Cargo.toml b/arrow-csv/Cargo.toml
index 66a6d7dbcaa5..d29c85c56cfd 100644
--- a/arrow-csv/Cargo.toml
+++ b/arrow-csv/Cargo.toml
@@ -18,7 +18,7 @@
 [package]
 name = "arrow-csv"
 version = { workspace = true }
-description = "Support for parsing CSV format into the Arrow format"
+description = "Support for parsing CSV format to and from the Arrow format"
 homepage = { workspace = true }
 repository = { workspace = true }
 authors = { workspace = true }
diff --git a/arrow-json/Cargo.toml b/arrow-json/Cargo.toml
index 7e49a57fbd6c..dd232f197ead 100644
--- a/arrow-json/Cargo.toml
+++ b/arrow-json/Cargo.toml
@@ -18,7 +18,7 @@
 [package]
 name = "arrow-json"
 version = { workspace = true }
-description = "Support for parsing JSON format into the Arrow format"
+description = "Support for parsing JSON format to and from the Arrow format"
 homepage = { workspace = true }
 repository = { workspace = true }
 authors = { workspace = true }
From 74e0c0bc41a9c99aedfb78c6888dde7a45edcc3f Mon Sep 17 00:00:00 2001
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Wed, 6 Dec 2023 21:57:18 +1100
Subject: [PATCH 3/6] Don't use existing audit action
---
 .github/workflows/audit.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 3c9ddb11cfce..2c1dcdfd2100 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -37,8 +37,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- with:
- submodules: true
- - uses: rustsec/audit-check@v1.4.1
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Install cargo-audit
+ run: cargo install cargo-audit
+ - name: Run audit check
+ run: cargo audit
From 0a452ce022da1db7e2c522ee2d1600e23c615ad4 Mon Sep 17 00:00:00 2001
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Wed, 6 Dec 2023 22:01:10 +1100
Subject: [PATCH 4/6] Test known bad dependency
---
 arrow-csv/Cargo.toml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/arrow-csv/Cargo.toml b/arrow-csv/Cargo.toml
index d29c85c56cfd..52ef616766b4 100644
--- a/arrow-csv/Cargo.toml
+++ b/arrow-csv/Cargo.toml
@@ -45,6 +45,7 @@ csv-core = { version = "0.1" }
 lazy_static = { version = "1.4", default-features = false }
 lexical-core = { version = "^0.8", default-features = false }
 regex = { version = "1.7.0", default-features = false, features = ["std", "unicode", "perf"] }
+bitvec = "0.11.0"

 [dev-dependencies]
 tempfile = "3.3"
From 89a9bf547dcee6d3069cd9442f839716f059aa10 Mon Sep 17 00:00:00 2001
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Wed, 6 Dec 2023 22:06:31 +1100
Subject: [PATCH 5/6] Test known bad dependency
---
 arrow-csv/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arrow-csv/Cargo.toml b/arrow-csv/Cargo.toml
index 52ef616766b4..d4b0ef08807a 100644
--- a/arrow-csv/Cargo.toml
+++ b/arrow-csv/Cargo.toml
@@ -45,7 +45,7 @@ csv-core = { version = "0.1" }
 lazy_static = { version = "1.4", default-features = false }
 lexical-core = { version = "^0.8", default-features = false }
 regex = { version = "1.7.0", default-features = false, features = ["std", "unicode", "perf"] }
-bitvec = "0.11.0"
+cocoon = "0.3.3"

 [dev-dependencies]
 tempfile = "3.3"
From 26a72a38e40942e21a57061237f85694a017e67f Mon Sep 17 00:00:00 2001
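Review bot: `run: cargo install cargo-audit` in the new `Install cargo-audit` step is unpinned — no `--version` and no `--locked` — so each run fetches and builds whatever the newest `cargo-audit` (and its freshly resolved dependency tree) on crates.io is at that moment, making the tool that vets the project's dependencies the one unvetted, mutable input of the job, and rebuilding it from source on every PR. Pin it, e.g. `run: cargo install cargo-audit --locked --version <pinned>`, or install a prebuilt release binary, and consider caching the result so the PR path stays fast. Note also that plain `cargo audit` fails the job only on vulnerability advisories; if unmaintained, unsound or yanked crates should also block, the `Run audit check` step needs `cargo audit --deny warnings` (or a narrower `--deny` category). The `jobs:` mapping this step list belongs to starts above the hunk.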
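Review bot: `bitvec = "0.11.0"` is appended out of alphabetical order at the end of `[dependencies]` and, per the commit title, exists only to confirm the new workflow fails on a known-bad crate; with patches 5 and 6 swapping and then removing it, this is scaffolding rather than a change to ship. Squash these three commits out before merge so a crate spec with a published advisory never lands in `master` history, where a `cargo audit` run during a bisect, or a scanner walking commits, would flag it.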
From: Jefffrey <22608443+Jefffrey@users.noreply.github.com>
Date: Wed, 6 Dec 2023 22:10:01 +1100
Subject: [PATCH 6/6] Revert change
---
 arrow-csv/Cargo.toml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/arrow-csv/Cargo.toml b/arrow-csv/Cargo.toml
index d4b0ef08807a..d29c85c56cfd 100644
--- a/arrow-csv/Cargo.toml
+++ b/arrow-csv/Cargo.toml
@@ -45,7 +45,6 @@ csv-core = { version = "0.1" }
 lazy_static = { version = "1.4", default-features = false }
 lexical-core = { version = "^0.8", default-features = false }
 regex = { version = "1.7.0", default-features = false, features = ["std", "unicode", "perf"] }
-cocoon = "0.3.3"

 [dev-dependencies]
 tempfile = "3.3"