Add RUSTSEC-2026-0173 exception #68

Merged
RobertZ2011 merged 2 commits into OpenDevicePartnership:main from RobertZ2011:remove-aquamarine
Jun 8, 2026

Conversation

@RobertZ2011 RobertZ2011 commented Jun 8, 2026

Contributor

aquamarine depends on proc-macro-error2 which is now unmaintained.
Remove it as it provides a minor QoL improvement. Mermaid diagrams are
still present in the docs directory and GitHub supports rendered
previews. Add an exception since defmt also depends on this crate.

@RobertZ2011 RobertZ2011 self-assigned this Jun 8, 2026
@RobertZ2011 RobertZ2011 force-pushed the remove-aquamarine branch 2 times, most recently from 9e479d1 to 71f3e64 Compare June 8, 2026 16:57
github-actions Bot commented Jun 8, 2026

Cargo Vet Audit Passed

cargo vet has passed in this PR. No new unvetted dependencies were found.

@RobertZ2011 RobertZ2011 marked this pull request as ready for review June 8, 2026 17:03
Copilot AI review requested due to automatic review settings June 8, 2026 17:03
@RobertZ2011 RobertZ2011 requested a review from a team as a code owner June 8, 2026 17:03
@RobertZ2011 RobertZ2011 requested review from asasine and gjpmsft June 8, 2026 17:03
@RobertZ2011 RobertZ2011 changed the title from "Remove rendered mermaid diagrams in docs" to "Add RUSTSEC-2026-0173 exception" Jun 8, 2026

Copilot AI left a comment

Contributor

Pull request overview

This PR removes the aquamarine dependency and stops embedding rendered Mermaid diagrams into rustdoc, keeping the Mermaid source files under docs/ for GitHub-rendered previews. It also updates dependency/security configuration to account for the resulting dependency graph changes.

Changes:

  • Remove aquamarine from dependencies and from the lockfile.
  • Remove rustdoc attributes that embedded the Mermaid state machine diagram in StateMachine docs.
  • Add a cargo-deny advisory ignore entry for proc-macro-error2.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/ucsi/ppm/state_machine.rs | Removes rustdoc Mermaid embedding attributes for the PPM state machine docs. |
| deny.toml | Adds an ignore entry for RUSTSEC-2026-0173 (proc-macro-error2). |
| Cargo.toml | Drops the aquamarine dependency. |
| Cargo.lock | Removes aquamarine and its transitive deps from the resolved dependency set. |

Comment thread src/ucsi/ppm/state_machine.rs Outdated
Comment thread deny.toml
kurtjd previously approved these changes Jun 8, 2026

@kurtjd kurtjd left a comment

Member

If we still need the exception for defmt, does it make sense to keep aquamarine around anyway? Or do you foresee defmt moving off the dependency but not aquamarine?

@RobertZ2011

Contributor Author

> If we still need the exception for defmt, does it make sense to keep aquamarine around anyway? Or do you foresee defmt moving off the dependency but not aquamarine?

It's more that defmt is a requirement while aquamarine isn't. But I also felt that it ended up being more of a gimmick and there's some weirdness about vetting since it has to be pulled in as a run-time dependency to run during cargo docs.

@RobertZ2011 RobertZ2011 merged commit df9cecd into OpenDevicePartnership:main Jun 8, 2026
10 checks passed