didwebvh-rs 0.5.6

Implementation of the did:webvh method in Rust
Documentation
name: CI

on:
  push:
    branches: [main]
  pull_request:

env:
  CARGO_TERM_COLOR: always

jobs:
  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - run: cargo fmt -- --check

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: Swatinem/rust-cache@v2
      # --tests + --examples covers the shipping code without tripping
      # the nightly-only did_benchmarks_nightly bench (uses #![feature(test)]).
      - run: cargo clippy --all-features --tests --examples -- -D warnings

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: Swatinem/rust-cache@v2
      - run: cargo test --all-features

  msrv:
    name: MSRV (1.95.0)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: "1.95.0"
      - uses: Swatinem/rust-cache@v2
      - run: cargo check --all-features

  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - run: cargo install cargo-audit
      # Ignored advisories are ALL transitive via the optional `ssi`
      # feature; the default build has zero advisories. Reviewed and
      # confirmed still warranted on every CI run.
      #
      # Vulnerabilities (advisories with severity):
      # - RUSTSEC-2023-0071: rsa 0.6.1 Marvin Attack timing side-channel (via ssi-jwk)
      # - RUSTSEC-2026-0098: rustls-webpki 0.101.7 URI name constraints (via reqwest 0.11)
      # - RUSTSEC-2026-0099: rustls-webpki 0.101.7 wildcard name constraints (via reqwest 0.11)
      # - RUSTSEC-2026-0104: rustls-webpki 0.101.7 CRL parse panic (via reqwest 0.11)
      #
      # Unmaintained warnings (no CVE, advisory category = "unmaintained"):
      # - RUSTSEC-2021-0127: serde_cbor unmaintained (via ssi-vc-jose-cose)
      # - RUSTSEC-2024-0370: proc-macro-error unmaintained (via did-tz)
      # - RUSTSEC-2024-0388: derivative unmaintained (via ssi-jwk)
      # - RUSTSEC-2025-0134: rustls-pemfile unmaintained (via reqwest 0.11)
      #
      # Re-audit when upstream `ssi` drops the affected dep chains
      # (most are rooted in ssi-jwk / ssi-vc-jose-cose / reqwest 0.11).
      - run: >-
          cargo audit
          --ignore RUSTSEC-2023-0071
          --ignore RUSTSEC-2024-0388
          --ignore RUSTSEC-2024-0370
          --ignore RUSTSEC-2025-0134
          --ignore RUSTSEC-2021-0127
          --ignore RUSTSEC-2026-0098
          --ignore RUSTSEC-2026-0099
          --ignore RUSTSEC-2026-0104