Merge pull request #156 from thomastaylor312/chore/version_bump

chore(*): Bumps crate version and some dependencies

.github/workflows/build.yml

@@ -51,6 +51,6 @@ jobs:
           - bans licenses sources
     steps:
       - uses: actions/[email protected]
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           command: check ${{ matrix.checks }}

Cargo.toml

@@ -17,7 +17,7 @@ license = "Apache-2.0"
 name = "oci-client"
 readme = "README.md"
 repository = "https://github.com/oras-project/rust-oci-client"
-version = "0.11.0"
+version = "0.12.0"
 
 [badges]
 maintenance = { status = "actively-developed" }
@@ -65,6 +65,8 @@ hmac = "0.12"
 itertools = "0.13.0"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 tempfile = "3.3"
+# This should stay pinned here until testcontainers makes sure all of its deps using rustls are
+# using the ring feature. Otherwise this fails to compile on Windows
 testcontainers = "0.20"
 tokio = { version = "1.21", features = ["macros", "fs", "rt-multi-thread"] }
 tokio-util = { version = "0.7.4", features = ["compat"] }

deny.toml

@@ -1,58 +1,43 @@
 [advisories]
-ignore = [
-    # a chrono issue, this is just a test dependency
-    "RUSTSEC-2020-0071",
-]
 
 [licenses]
+version = 2
 confidence-threshold = 1.0
-copyleft = "deny"
-unlicensed = "deny"
-allow-osi-fsf-free = "both"
-default = "deny"
 
 # List of explictly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
 allow = [
-    "LicenseRef-ring",
-    "LicenseRef-rustls-webpki",
-    "MPL-2.0",
     "Unicode-DFS-2016",
-    "Unicode-3.0"
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "ISC",
+    "MIT",
+    "MPL-2.0",
 ]
 
-deny = [
-    "AGPL-3.0",
-    "WTFPL",
-]
-
-[[licenses.clarify]]
-name = "ring"
-expression = "LicenseRef-ring"
-license-files = [
-    { path = "LICENSE", hash = 0xbd0eed23 },
-]
-
-[[licenses.clarify]]
-name = "rustls-webpki"
-expression = "LicenseRef-rustls-webpki"
-license-files = [
-    { path = "LICENSE", hash = 0x001c7e6c },
+exceptions = [
+    # Ring has a...complicated license. However, since it is at the core of a large number of rust
+    # projects, we are manually allowing the OpenSSL part of the license
+    { name = "ring", allow = [
+        "OpenSSL",
+    ] },
+    # same exception as above for another crate
+    { name = "aws-lc-sys", allow = [
+        "OpenSSL",
+    ] },
 ]
 
 [[licenses.clarify]]
 name = "encoding_rs"
 version = "*"
 expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause"
-license-files = [
-    { path = "COPYRIGHT", hash = 0x39f8ad31 }
-]
+license-files = [{ path = "COPYRIGHT", hash = 0x39f8ad31 }]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 
 [bans]
 multiple-versions = "allow"
-skip = [
-]
-
-skip-tree = [
-]