From 65f94c9d39ae54db0504c079450ace5c1ea24b06 Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 11:27:56 +0100
Subject: [PATCH 1/6] Remove duplicate paste dependency
---
 Cargo.lock | 29 ++---------------------------
 src/uu/factor/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 28 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 714aef2b4..70f117b84 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -877,7 +877,7 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f37978dab2ca789938a83b2f8bc1ef32db6633af9051a6cd409eff72cbaaa79a"
 dependencies = [
- "paste 1.0.6",
+ "paste",
 ]
 [[package]]
@@ -1431,31 +1431,12 @@ dependencies = [
 "winapi 0.3.9",
 ]
-[[package]]
-name = "paste"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880"
-dependencies = [
- "paste-impl",
- "proc-macro-hack",
-]
-
 [[package]]
 name = "paste"
 version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0744126afe1a6dd7f394cb50a716dbe086cb06e255e53d8d0185d82828358fb5"
-[[package]]
-name = "paste-impl"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6"
-dependencies = [
- "proc-macro-hack",
-]
-
 [[package]]
 name = "peeking_take_while"
 version = "0.1.2"
@@ -1574,12 +1555,6 @@ dependencies = [
 "version_check",
 ]
-[[package]]
-name = "proc-macro-hack"
-version = "0.5.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5"
-
 [[package]]
 name = "proc-macro2"
 version = "1.0.36"
@@ -2559,7 +2534,7 @@ dependencies = [
 "clap 3.0.10",
 "coz",
 "num-traits",
- "paste 0.1.18",
+ "paste",
 "quickcheck",
 "rand",
 "smallvec",
diff --git a/src/uu/factor/Cargo.toml b/src/uu/factor/Cargo.toml
index aec43af76..2f688f98f 100644
--- a/src/uu/factor/Cargo.toml
+++ b/src/uu/factor/Cargo.toml
@@ -23,7 +23,7 @@ smallvec = "1.7" # TODO(nicoo): Use `union` feature, requires Rust 1.49 or late
 uucore = { version = ">=0.0.8", package = "uucore", path = "../../uucore" }
 [dev-dependencies]
-paste = "0.1.18"
+paste = "1.0.6"
 quickcheck = "1.0.3"
 [[bin]]
From 312068c2ddaac7f152c06480a97da0ca06e07e14 Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 11:28:02 +0100
Subject: [PATCH 2/6] Add cargo-deny configuration
---
 deny.toml | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 deny.toml
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 000000000..29fd40558
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,74 @@
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "warn"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = [
+ #"RUSTSEC-0000-0000",
+]
+ # This section is considered when running `cargo deny check licenses`
+# More documentation for the licenses section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+allow = [
+ "MIT",
+ "Apache-2.0",
+ "ISC",
+ "BSD-2-Clause",
+ "BSD-3-Clause",
+ "CC0-1.0",
+]
+copyleft = "allow"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = [
+ { allow = ["OpenSSL"], name = "ring" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "deny"
+wildcards = "allow"
+highlight = "all"
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = [
+ # duplicated in blake2d_simd / blake3
+ { name = "arrayvec", version = "=0.7.2" },
+ # duplicated in flimit/unix_socket (many others use 1.0.0)
+ { name = "cfg-if", version = "=0.1.10" },
+ # duplicated in ordered-multimap (many others use 0.11.2)
+ { name = "hashbrown", version = "=0.9.1" },
+ # duplicated in kernel32-sys (many others use 0.3.9)
+ { name = "winapi", version = "=0.2.8" },
+]
+ # This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
From 323f0ef99318cc39edf13819f28e279d49263cbe Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 11:29:49 +0100
Subject: [PATCH 3/6] Setup cargo-deny in CI too
---
 .github/workflows/CICD.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/CICD.yml b/.github/workflows/CICD.yml
index b2ae59bdf..bbbf60838 100644
--- a/.github/workflows/CICD.yml
+++ b/.github/workflows/CICD.yml
@@ -20,6 +20,13 @@ env:
 on: [push, pull_request]
 jobs:
+ cargo-deny:
+ name: Style/cargo-deny
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: EmbarkStudios/cargo-deny-action@v1
+
 style_deps: ## ToDO: [2021-11-10; rivy] 'Style/deps' needs more informative output and better integration of results into the GHA dashboard
 name: Style/deps
From 6a907b69c2fa6b51b5c573a12bd8128ae5abd8b0 Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 11:39:03 +0100
Subject: [PATCH 4/6] cargo deny --all-features check all
---
 deny.toml | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/deny.toml b/deny.toml
index 29fd40558..cd4ae7076 100644
--- a/deny.toml
+++ b/deny.toml
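Review bot: With `vulnerability = "warn"`, `yanked = "warn"` and `unknown-git = "warn"` in the new `[advisories]` and `[sources]` sections, a crate with a published RustSec advisory, a yanked version or a git dependency outside `allow-git` only produces a warning, and a warning by itself does not make `cargo deny check` exit non-zero, so this configuration cannot stop a known-vulnerable dependency from landing. For a check that is meant to gate merges, the usual values are `vulnerability = "deny"`, `unknown-git = "deny"` and `yanked = "deny"`, with any advisory that genuinely cannot be fixed yet listed explicitly in `ignore` together with a comment saying why. The `exceptions` entry and the `[[licenses.clarify]]` block for `ring` appear to be carried over from the cargo-deny template; unless the workspace actually depends on `ring` (not visible in this patch), they grant a license exception and a hard-coded `LICENSE` hash to a crate that is not in the tree and can be dropped.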
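Review bot: `actions/checkout@v2` and `EmbarkStudios/cargo-deny-action@v1` are referenced by mutable major-version tags, so the job that is supposed to police the dependency tree itself runs whatever those tags point at on any given day, with no change to this repository. Pinning both to a full commit SHA and keeping the tag in a trailing comment, `- uses: EmbarkStudios/cargo-deny-action@<full-sha> # v1`, makes the check reproducible and still lets Dependabot/Renovate propose bumps. The job is also named `Style/cargo-deny`, while the action runs the advisories, licenses, bans and sources checks configured in deny.toml, so a name such as `Deps/cargo-deny` would tell a contributor what a red mark actually means.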
@@ -22,10 +22,12 @@ allow = [
 "Apache-2.0",
 "ISC",
 "BSD-2-Clause",
+ "BSD-2-Clause-FreeBSD",
 "BSD-3-Clause",
 "CC0-1.0",
+ "MPL-2.0", # XXX considered copyleft?
 ]
-copyleft = "allow"
+copyleft = "deny"
 allow-osi-fsf-free = "neither"
 default = "deny"
 confidence-threshold = 0.8
@@ -52,16 +54,29 @@ license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 multiple-versions = "deny"
 wildcards = "allow"
 highlight = "all"
-# Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
- # duplicated in blake2d_simd / blake3
+ # blake2d_simd uses an old version
 { name = "arrayvec", version = "=0.7.2" },
- # duplicated in flimit/unix_socket (many others use 1.0.0)
+ # flimit/unix_socket use old versions
 { name = "cfg-if", version = "=0.1.10" },
- # duplicated in ordered-multimap (many others use 0.11.2)
+ # ordered-multimap uses an old version
 { name = "hashbrown", version = "=0.9.1" },
- # duplicated in kernel32-sys (many others use 0.3.9)
+ # kernel32-sys uses an old version
 { name = "winapi", version = "=0.2.8" },
+ # bindgen 0.59.2 uses an old version of clap, which in turn uses other old dependencies
+ { name = "clap", version = "=2.34.0" },
+ { name = "strsim", version = "=0.8.0" },
+ { name = "textwrap", version = "=0.11.0" },
+ # cpp_common uses an old version
+ { name = "cpp_common", version = "=0.4.0" },
+ # quickcheck uses an old version
+ { name = "env_logger", version = "=0.8.4" },
+ # cpp_ crates uses old stuff
+ { name = "memchr", version = "=1.0.2" },
+ { name = "quote", version = "=0.3.15" },
+ { name = "unicode-xid", version = "=0.0.4" },
+ # exacl uses an old version
+ { name = "nix", version = "=0.21.0" },
 ]
 # This section is considered when running `cargo deny check sources`.
From d855dbca81c56e9a85526b854df69c00c0f8d092 Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 11:42:32 +0100
Subject: [PATCH 5/6] add note to CONTRIBUTING.md
---
 CONTRIBUTING.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
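Review bot: `"MPL-2.0", # XXX considered copyleft?` leaves an open question in a policy file: an explicit `allow` entry takes precedence over the `copyleft = "deny"` setting introduced two lines below, so MPL-2.0 crates are accepted here regardless of how cargo-deny classifies that license, and the XXX can be answered rather than left in. The comment should instead record which dependency forced the exception so a later maintainer knows when it can be removed, e.g. `"MPL-2.0", # weak copyleft; allowed explicitly (overrides copyleft = "deny") for <crate>`. I cannot tell from this hunk which crate triggered the addition, so the name has to come from the `cargo deny` output that motivated it.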
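Review bot: The new `skip` entries enumerate every transitive crate that `bindgen 0.59.2` and the `cpp_*` crates pull in (`clap 2.34.0`, `strsim`, `textwrap`, `memchr 1.0.2`, `quote 0.3.15`, `unicode-xid 0.0.4`), a hand-maintained list that has to be revisited each time one of those subtrees moves. cargo-deny's `skip-tree` is meant for exactly this: `skip-tree = [{ name = "bindgen", version = "=0.59.2" }]` suppresses duplicate-version reports for everything below that crate while duplicates introduced elsewhere are still reported. It is worth a comment above the list that `skip` only affects the `multiple-versions` ban, so the old `memchr`/`quote`/`unicode-xid` versions remain subject to the advisories check — that is the desired behaviour, but readers often assume a skipped crate is exempt from everything.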
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ac2e0811e..15adfe488 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -94,6 +94,16 @@ uutils: add new utility
 gitignore: add temporary files
 ```
+## cargo-deny
+
+This project uses [cargo-deny](https://github.com/EmbarkStudios/cargo-deny/) to
+detect duplicate dependencies, checks licenses, etc. To run it locally, first
+install it and then run with:
+
+```
+cargo deny --all-features check all
+```
+
 ## Licensing
 uutils is distributed under the terms of the MIT License; see the `LICENSE` file
From 709a9219597469cc65998af900ee2c476455760d Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier
Date: Fri, 18 Mar 2022 12:10:21 +0100
Subject: [PATCH 6/6] Try to please spellcheck?
---
 deny.toml | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/deny.toml b/deny.toml
index cd4ae7076..dea3503de 100644
--- a/deny.toml
+++ b/deny.toml
@@ -1,3 +1,5 @@
+# spell-checker:ignore SSLeay RUSTSEC
+
 # This section is considered when running `cargo deny check advisories`
 # More documentation for the advisories section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
@@ -54,30 +56,34 @@ license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 multiple-versions = "deny"
 wildcards = "allow"
 highlight = "all"
+
+# For each duplicate dependency, indicate the name of the dependency which
+# introduces it.
+# spell-checker: disable
 skip = [
- # blake2d_simd uses an old version
+ # blake2d_simd
 { name = "arrayvec", version = "=0.7.2" },
- # flimit/unix_socket use old versions
+ # flimit/unix_socket
 { name = "cfg-if", version = "=0.1.10" },
- # ordered-multimap uses an old version
+ # ordered-multimap
 { name = "hashbrown", version = "=0.9.1" },
- # kernel32-sys uses an old version
+ # kernel32-sys
 { name = "winapi", version = "=0.2.8" },
- # bindgen 0.59.2 uses an old version of clap, which in turn uses other old dependencies
+ # bindgen 0.59.2
 { name = "clap", version = "=2.34.0" },
 { name = "strsim", version = "=0.8.0" },
 { name = "textwrap", version = "=0.11.0" },
- # cpp_common uses an old version
 { name = "cpp_common", version = "=0.4.0" },
- # quickcheck uses an old version
+ # quickcheck
 { name = "env_logger", version = "=0.8.4" },
- # cpp_ crates uses old stuff
+ # cpp_*
 { name = "memchr", version = "=1.0.2" },
 { name = "quote", version = "=0.3.15" },
 { name = "unicode-xid", version = "=0.0.4" },
- # exacl uses an old version
+ # exacl
 { name = "nix", version = "=0.21.0" },
 ]
+# spell-checker: enable
 # This section is considered when running `cargo deny check sources`.
 # More documentation about the 'sources' section can be found here:
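Review bot: The line `- # cpp_common uses an old version` is deleted without a replacement, while the header added at the top of the hunk promises that each group names the dependency that introduces it; as a result `{ name = "cpp_common", version = "=0.4.0" }` now sits directly under `# bindgen 0.59.2` and reads as if bindgen pulled it in, which the previous revision of this file did not claim. Unless bindgen really is the crate that depends on cpp_common 0.4.0 (I cannot tell from the diff), restore a label in the new style above that entry, `# cpp_common`, or move the entry under `# cpp_*` if that is where it actually comes from. Every other renamed label in the hunk keeps a one-to-one replacement, so this one looks like an accidental drop rather than a deliberate regrouping.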