mirror of
https://github.com/ankitects/anki.git
synced 2026-06-10 06:13:34 -04:00
da64f03307
## Summary Consolidates 8 open Dependabot PRs into a single security-focused batch. ### Addressed advisories - GHSA: tar (Cargo) [#296](https://github.com/ankitects/anki/security/dependabot/296) - @tootallnate/once [#295](https://github.com/ankitects/anki/security/dependabot/295) - ws [#293](https://github.com/ankitects/anki/security/dependabot/293) - openssl [#292](https://github.com/ankitects/anki/security/dependabot/292) - idna [#291](https://github.com/ankitects/anki/security/dependabot/291) - devalue [#287](https://github.com/ankitects/anki/security/dependabot/287)/[#239](https://github.com/ankitects/anki/security/dependabot/239)/[#217](https://github.com/ankitects/anki/security/dependabot/217)/[#216](https://github.com/ankitects/anki/security/dependabot/216) - postcss [#275](https://github.com/ankitects/anki/security/dependabot/275) - svelte [#286](https://github.com/ankitects/anki/security/dependabot/286)/[#288](https://github.com/ankitects/anki/security/dependabot/288)/[#289](https://github.com/ankitects/anki/security/dependabot/289) - lodash-es [#258](https://github.com/ankitects/anki/security/dependabot/258)/[#259](https://github.com/ankitects/anki/security/dependabot/259) - @sveltejs/kit [#294](https://github.com/ankitects/anki/security/dependabot/294) ### Sources Merged from PRs: #4914, #4887, #4867, #4866, #4865, #4846, #4744, #4892. ### Not addressed — rand (Cargo) [#268](https://github.com/ankitects/anki/security/dependabot/268) PR #4741 (rand 0.9.4 → 0.10.1) was excluded because `fsrs 5.2.0` still depends on `rand 0.9.4`. The rand 0.10 API changes (`Rng` → `RngExt`) cause a compile error at the `PostSchedulingFn` boundary. This will be unblocked when fsrs is upgraded. ### Not addressed (transitive — follow-up) - urllib3 [#284](https://github.com/ankitects/anki/security/dependabot/284)/[#283](https://github.com/ankitects/anki/security/dependabot/283) - GitPython [#282](https://github.com/ankitects/anki/security/dependabot/282) - ip-address [#276](https://github.com/ankitects/anki/security/dependabot/276) - pytest [#266](https://github.com/ankitects/anki/security/dependabot/266) - Pygments [#256](https://github.com/ankitects/anki/security/dependabot/256) - brace-expansion [#255](https://github.com/ankitects/anki/security/dependabot/255)/[#158](https://github.com/ankitects/anki/security/dependabot/158) - picomatch [#253](https://github.com/ankitects/anki/security/dependabot/253)/[#252](https://github.com/ankitects/anki/security/dependabot/252) - tar (npm) [#238](https://github.com/ankitects/anki/security/dependabot/238)/[#235](https://github.com/ankitects/anki/security/dependabot/235)/[#209](https://github.com/ankitects/anki/security/dependabot/209) - immutable [#231](https://github.com/ankitects/anki/security/dependabot/231) - minimatch [#227](https://github.com/ankitects/anki/security/dependabot/227)/[#226](https://github.com/ankitects/anki/security/dependabot/226)/[#221](https://github.com/ankitects/anki/security/dependabot/221) - fabric [#211](https://github.com/ankitects/anki/security/dependabot/211) These need manual `yarn.lock` resolutions / `uv.lock` overrides. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
179 lines
5.2 KiB
TOML
179 lines
5.2 KiB
TOML
[workspace.package]
|
|
version = "0.0.0"
|
|
authors = ["Ankitects Pty Ltd and contributors <https://help.ankiweb.net>"]
|
|
edition = "2021"
|
|
license = "AGPL-3.0-or-later"
|
|
rust-version = "1.80"
|
|
|
|
[workspace]
|
|
members = [
|
|
"build/configure",
|
|
"build/ninja_gen",
|
|
"build/runner",
|
|
"ftl",
|
|
"pylib/rsbridge",
|
|
"qt/launcher",
|
|
"rslib",
|
|
"rslib/i18n",
|
|
"rslib/io",
|
|
"rslib/linkchecker",
|
|
"rslib/process",
|
|
"rslib/proto",
|
|
"rslib/sync",
|
|
"tools/minilints",
|
|
]
|
|
resolver = "2"
|
|
|
|
[workspace.dependencies.percent-encoding-iri]
|
|
git = "https://github.com/ankitects/rust-url.git"
|
|
rev = "bb930b8d089f4d30d7d19c12e54e66191de47b88"
|
|
|
|
[workspace.dependencies.linkcheck]
|
|
git = "https://github.com/ankitects/linkcheck.git"
|
|
rev = "184b2ca50ed39ca43da13f0b830a463861adb9ca"
|
|
|
|
[workspace.dependencies.fsrs]
|
|
version = "5.2.0"
|
|
# git = "https://github.com/open-spaced-repetition/fsrs-rs.git"
|
|
# path = "../open-spaced-repetition/fsrs-rs"
|
|
|
|
[workspace.dependencies]
|
|
# local
|
|
anki = { path = "rslib" }
|
|
anki_i18n = { path = "rslib/i18n" }
|
|
anki_io = { path = "rslib/io" }
|
|
anki_process = { path = "rslib/process" }
|
|
anki_proto = { path = "rslib/proto" }
|
|
anki_proto_gen = { path = "rslib/proto_gen" }
|
|
ninja_gen = { "path" = "build/ninja_gen" }
|
|
|
|
# pinned
|
|
unicase = "=2.6.0" # any changes could invalidate sqlite indexes
|
|
|
|
# normal
|
|
ammonia = "4.1.2"
|
|
anyhow = "1.0.98"
|
|
async-compression = { version = "0.4.24", features = ["zstd", "tokio"] }
|
|
async-stream = "0.3.6"
|
|
async-trait = "0.1.88"
|
|
axum = { version = "0.8.4", features = ["multipart", "macros"] }
|
|
axum-client-ip = "1.1.3"
|
|
axum-extra = { version = "0.10.1", features = ["typed-header"] }
|
|
bitflags = "2.9.1"
|
|
blake3 = "1.8.2"
|
|
bytes = "1.11.1"
|
|
camino = "1.1.10"
|
|
chrono = { version = "0.4.41", default-features = false, features = ["std", "clock"] }
|
|
clap = { version = "4.5.40", features = ["derive"] }
|
|
coarsetime = "0.1.36"
|
|
convert_case = "0.8.0"
|
|
criterion = { version = "0.6.0" }
|
|
csv = "1.3.1"
|
|
data-encoding = "2.9.0"
|
|
difflib = "0.4.0"
|
|
dirs = "6.0.0"
|
|
dunce = "1.0.5"
|
|
embed-resource = "3.0.4"
|
|
envy = "0.4.2"
|
|
flate2 = "1.1.2"
|
|
fluent = "0.17.0"
|
|
fluent-bundle = "0.16.0"
|
|
fluent-syntax = "0.12.0"
|
|
fnv = "1.0.7"
|
|
futures = "0.3.31"
|
|
globset = "0.4.16"
|
|
hex = "0.4.3"
|
|
htmlescape = "0.3.1"
|
|
hyper = "1"
|
|
id_tree = "1.8.0"
|
|
inflections = "1.1.1"
|
|
intl-memoizer = "0.5.3"
|
|
itertools = "0.14.0"
|
|
junction = "1.2.0"
|
|
libc = "0.2"
|
|
libc-stdhandle = "0.1"
|
|
locale_config = "0.3.0"
|
|
maplit = "1.0.2"
|
|
nom = "8.0.0"
|
|
num-format = "0.4.4"
|
|
num_cpus = "1.17.0"
|
|
num_enum = "0.7.3"
|
|
once_cell = "1.21.3"
|
|
pbkdf2 = { version = "0.12", features = ["simple"] }
|
|
permutation = "0.4.1"
|
|
phf = { version = "0.11.3", features = ["macros"] }
|
|
pin-project = "1.1.10"
|
|
prettyplease = "0.2.34"
|
|
prost = "0.13"
|
|
prost-build = "0.13"
|
|
prost-reflect = "0.14.7"
|
|
prost-types = "0.13"
|
|
pulldown-cmark = "0.13.0"
|
|
pyo3 = { version = "0.25.1", features = ["extension-module", "abi3", "abi3-py39"] }
|
|
rand = "0.9.4"
|
|
rayon = "1.10.0"
|
|
regex = "1.11.1"
|
|
reqwest = { version = "0.12.20", default-features = false, features = ["json", "socks", "stream", "multipart"] }
|
|
rusqlite = { version = "0.36.0", features = ["trace", "functions", "collation", "bundled"] }
|
|
rustls-pemfile = "2.2.0"
|
|
same-file = "1.0.6"
|
|
scopeguard = "1.2.0"
|
|
serde = { version = "1.0.219", features = ["derive"] }
|
|
serde-aux = "4.7.0"
|
|
serde_json = "1.0.140"
|
|
serde_repr = "0.1.20"
|
|
serde_tuple = "1.1.0"
|
|
sha1 = "0.10.6"
|
|
sha2 = { version = "0.11.0" }
|
|
snafu = { version = "0.8.6", features = ["rust_1_61"] }
|
|
strum = { version = "0.27.1", features = ["derive"] }
|
|
syn = { version = "2.0.103", features = ["parsing", "printing"] }
|
|
tar = "0.4.46"
|
|
tempfile = "3.20.0"
|
|
termcolor = "1.4.1"
|
|
tokio = { version = "1.45", features = ["fs", "rt-multi-thread", "macros", "signal"] }
|
|
tokio-util = { version = "0.7.15", features = ["io"] }
|
|
tower-http = { version = "0.6.6", features = ["trace"] }
|
|
tracing = { version = "0.1.41", features = ["max_level_trace", "release_max_level_debug"] }
|
|
tracing-appender = "0.2.3"
|
|
tracing-subscriber = { version = "0.3.20", features = ["fmt", "env-filter"] }
|
|
unic-langid = { version = "0.9.6", features = ["macros"] }
|
|
unic-ucd-category = "0.9.0"
|
|
unicode-normalization = "0.1.24"
|
|
walkdir = "2.5.0"
|
|
which = "8.0.0"
|
|
widestring = "1.1.0"
|
|
winapi = { version = "0.3", features = ["wincon", "winreg"] }
|
|
windows = { version = "0.61.3", features = ["Media_SpeechSynthesis", "Media_Core", "Foundation_Collections", "Storage_Streams", "Win32_System_Console", "Win32_System_Registry", "Win32_System_SystemInformation", "Win32_Foundation", "Win32_UI_Shell", "Wdk_System_SystemServices"] }
|
|
wiremock = "0.6.3"
|
|
xz2 = "0.1.7"
|
|
zip = { version = "4.1.0", default-features = false, features = ["deflate", "time"] }
|
|
zstd = { version = "0.13.3", features = ["zstdmt"] }
|
|
|
|
# Apply mild optimizations to our dependencies in dev mode, which among other things
|
|
# improves sha2 performance by about 21x. Opt 1 chosen due to
|
|
# https://doc.rust-lang.org/cargo/reference/profiles.html#overrides-and-generics. This
|
|
# applies to the dependencies of unit tests as well.
|
|
[profile.dev.package."*"]
|
|
opt-level = 1
|
|
debug = 0
|
|
|
|
[profile.dev.package.anki_i18n]
|
|
opt-level = 1
|
|
debug = 0
|
|
|
|
[profile.dev.package.anki_proto]
|
|
opt-level = 1
|
|
debug = 0
|
|
|
|
# Debug info off by default, which speeds up incremental builds and produces a considerably
|
|
# smaller library.
|
|
[profile.dev.package.anki]
|
|
debug = 0
|
|
[profile.dev.package.rsbridge]
|
|
debug = 0
|
|
|
|
[profile.release-lto]
|
|
inherits = "release"
|
|
lto = true
|