Add temporary exception for bincode in deny.toml (#669)#671
Add temporary exception for bincode in deny.toml (#669)#671williampMSFT wants to merge 1 commit intoOpenDevicePartnership:v0.2.0from
Conversation
…ip#669) I saw a regression in our stable/deny CI job. The `bincode` crate is unmaintained and [it has just been marked as such](rustsec/advisory-db#2574). This PR adds an exception to our deny.toml to unblock our CI for now, but we should try to migrate to another serde crate like postcard soon. Luckily only 2 of our crates use bincode so migration is straightforward: - [embedded-usb-pd](https://github.com/OpenDevicePartnership/embedded-usb-pd) - [tps6699x](https://github.com/OpenDevicePartnership/tps6699x)
williampMSFT
requested review from
RobertZ2011,
felipebalbi,
jerrysxie and
tullom
There was a problem hiding this comment.
Pull request overview
This PR adds a temporary exception to the cargo-deny configuration to allow the unmaintained bincode crate while migration to an alternative is planned. This unblocks CI that was failing due to a new RUSTSEC advisory marking bincode as unmaintained.
- Added RUSTSEC-2025-0141 exception for bincode to the ignore list in deny.toml
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tullom
left a comment
tullom
left a comment
There was a problem hiding this comment.
Hold on, i think with mergebacks, we don't wish to cherry-pick commits from main back into this branch. We should merge commits so we don't have two commits with the same changes yet different commits.
Works for me, I'll abandon this one and look into that |
3 participants
Per Matteo:
I saw a regression in our stable/deny CI job. The
bincodecrate is unmaintained and it has just been marked assuch.
This PR adds an exception to our deny.toml to unblock our CI for now, but we should try to migrate to another serde crate like postcard soon.
Luckily only 2 of our crates use bincode so migration is straightforward:
embedded-usb-pd
Cherry-pick of commit 66c758d