oxcache 0.2.0

A high-performance multi-level cache library for Rust with L1 (memory) and L2 (Redis) caching.
# cargo-deny configuration file
# Documentation: https://embarkstudios.github.io/cargo-deny/

[advisories]
# Advisory database(s) the dependency graph is checked against.
db-urls = ["https://github.com/rustsec/advisory-db"]
# Accepted advisories. Each entry suppresses that finding wherever the crate
# appears in the graph, so every entry records source, impact, mitigation and plan.
# NOTE(review): the entries carry no review date; re-check each one whenever the
# upstream crate named in its plan publishes a release.
ignore = [
    # RUSTSEC-2023-0071: rsa Marvin Attack (CVE-2023-XXXX; the CVE id is a placeholder in this file)
    # Severity: medium (5.9)
    # Source: sqlx → sqlx-mysql → rsa (transitive dependency)
    # Impact: a timing side channel may allow key recovery
    # Mitigations:
    #   1. Only affected when the database feature is enabled (feature = "database")
    #   2. This project does not handle cryptographic keys directly
    #   3. Production environments should use TLS-encrypted connections
    # NOTE(review): mitigation 3 is an operational assumption that this file cannot
    # enforce; confirm that deployments actually require TLS on database connections.
    # Plan: track sqlx updates and wait for an upstream fix
    # Reference: https://rustsec.org/advisories/RUSTSEC-2023-0071
    { id = "RUSTSEC-2023-0071", reason = "sqlx传递依赖,无可用修复版本,仅影响数据库功能,生产环境使用TLS缓解" },

    # RUSTSEC-2025-0111: tokio-tar PAX header smuggling
    # Severity: medium
    # Source: testcontainers → tokio-tar (transitive dependency)
    # Impact: incorrect parsing of PAX extended headers allows file smuggling
    # Mitigations:
    #   1. testcontainers is used only in test environments
    #   2. No tar files from untrusted sources are processed
    #   3. Production code is not affected
    # NOTE(review): the RUSTSEC-2025-0134 entry below describes testcontainers as a
    # feature; if that feature can be enabled in a non-test build, tokio-tar is
    # reachable there as well. Verify against Cargo.toml.
    # Plan: track testcontainers updates
    # Reference: https://rustsec.org/advisories/RUSTSEC-2025-0111
    { id = "RUSTSEC-2025-0111", reason = "testcontainers传递依赖,仅影响测试环境,生产代码不受影响" },

    # RUSTSEC-2025-0141: bincode is unmaintained
    # Severity: low (warning)
    # Source: direct dependency of this project
    # Impact: future security vulnerabilities may go unfixed
    # Alternatives:
    #   1. postcard (recommended) - smaller, faster, zero-copy
    #   2. msgpack - cross-language support
    #   3. protobuf - good backward compatibility
    # Plan:
    #   - Short term: keep using it and monitor security advisories
    #   - Medium term: evaluate migrating to postcard (Q2 2026)
    # NOTE(review): if bincode decodes values read back from the Redis tier, that
    # data is external input to an unmaintained decoder. Confirm where it is used
    # and whether decode size is bounded.
    # Reference: https://rustsec.org/advisories/RUSTSEC-2025-0141
    { id = "RUSTSEC-2025-0141", reason = "直接依赖,计划Q2 2026迁移到postcard,短期继续使用并监控安全公告" },

    # RUSTSEC-2025-0134: rustls-pemfile is unmaintained
    # Severity: low (warning)
    # Source: bollard → rustls-pemfile (transitive dependency)
    # Impact: future security vulnerabilities may go unfixed
    # Mitigations:
    #   1. Only affected when the testcontainers (Docker) feature is enabled
    #   2. Mainly used for certificate parsing in test environments
    # Plan: track bollard updates and wait for its migration to rustls-pemfile2
    # NOTE(review): confirm the replacement crate name against the advisory text.
    # Reference: https://rustsec.org/advisories/RUSTSEC-2025-0134
    { id = "RUSTSEC-2025-0134", reason = "bollard传递依赖,仅影响Docker测试功能,跟踪bollard更新" },
]

[licenses]
# SPDX expressions accepted anywhere in the dependency graph. This is an
# allow-list: adding an entry widens what every future dependency may ship under.
allow = [
    "MIT",
    "MIT-0",  # MIT No Attribution - OSI approved
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-3.0",
    "Zlib",
    "CDLA-Permissive-2.0",
    "CC0-1.0",
    "MPL-2.0",
    "BSL-1.0",  # Boost Software License 1.0 - OSI approved, used by xxhash-rust
]
# Minimum confidence (0.0-1.0) required when matching a crate's license text
# to an SPDX identifier; lower values accept looser matches.
confidence-threshold = 0.8

[bans]
# Duplicate versions of the same crate are reported but do not fail the check.
multiple-versions = "warn"
# Wildcard (`*`) version requirements are accepted without a diagnostic.
# NOTE(review): a wildcard requirement lets any published version resolve,
# which weakens supply-chain pinning. Consider "deny" (with
# allow-wildcard-paths = true if path dependencies need it) once Cargo.toml
# is confirmed free of `*` requirements.
wildcards = "allow"
# Controls which duplicate paths are highlighted in the multiple-versions output.
highlight = "all"
# No crate or dependency subtree is exempted from the multiple-versions check.
skip = []
skip-tree = []

[sources]
# Crates may only come from the sources listed below; any other registry or
# git repository fails the check.
unknown-registry = "deny"
unknown-git = "deny"
# The crates.io index is the only permitted registry.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# Empty list: no git dependencies are permitted. Any addition should name the
# exact repository URL so a new git source cannot enter the graph unreviewed.
allow-git = []