fission-codes · bgins · Oct 7, 2025 · Oct 7, 2025 · Oct 7, 2025 · Oct 7, 2025
@@ -26,8 +26,8 @@ jobs:
       nix: ${{ steps.filter.outputs.nix }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
-      - uses: dorny/paths-filter@v2
+        uses: actions/checkout@v5
+      - uses: dorny/paths-filter@v3
         id: filter
         with:
           filters: |
@@ -59,7 +59,7 @@ jobs:
           - rust+wasm
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -72,7 +72,7 @@ jobs:
           other: "--lib"
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v23
+        uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
@@ -118,7 +118,7 @@ jobs:
           - bin
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -152,7 +152,7 @@ jobs:
           command: install
 
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v6
 
       - name: Install pre-commit
         run: pip install pre-commit
@@ -161,7 +161,7 @@ jobs:
         run: pre-commit install
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v23
+        uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
@@ -194,12 +194,12 @@ jobs:
           - rust+wasm
     steps:
       - name: Install Protoc
-        uses: arduino/setup-protoc@v2
+        uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -233,7 +233,7 @@ jobs:
           command: install
 
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v6
 
       - name: Install pre-commit
         run: pip install pre-commit
@@ -242,7 +242,7 @@ jobs:
         run: pre-commit install
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v23
+        uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
@@ -270,7 +270,7 @@ jobs:
           - bin
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -300,12 +300,12 @@ jobs:
       PROJECT_NAME: fission-codes-rust-template
     steps:
       - name: Install Protoc
-        uses: arduino/setup-protoc@v2
+        uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -340,7 +340,7 @@ jobs:
           - bin
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -375,12 +375,12 @@ jobs:
       PROJECT_NAME: fission-codes-rust-template
     steps:
       - name: Install Protoc
-        uses: arduino/setup-protoc@v2
+        uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -423,7 +423,7 @@ jobs:
           - bin
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -467,12 +467,12 @@ jobs:
           - rust+wasm
     steps:
       - name: Install Protoc
-        uses: arduino/setup-protoc@v2
+        uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -520,7 +520,7 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -598,7 +598,7 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup cargo-generate
         uses: cargo-generate/cargo-generate-action@v0.18.3
@@ -672,12 +672,12 @@ jobs:
         working-directory: examples
     steps:
       - name: Install Protoc
-        uses: arduino/setup-protoc@v2
+        uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Cache Project
         uses: Swatinem/rust-cache@v2

@@ -28,3 +28,12 @@ repos:
       - id: check-executables-have-shebangs
       - id: check-toml
         exclude: ^(rust|rust+wasm)
+
+  - repo: local
+    hooks:
+      - id: copy-example-lockfiles
+        name: copy example cargo lockfiles
+        entry: scripts/copy-example-lockfiles.sh
+        language: script
+        files: ^examples/(Cargo\.(toml|lock)|.*/Cargo\.toml)$
+        pass_filenames: false
@@ -2,6 +2,21 @@ This workspace contains numerous examples demonstrating template-generated
 code and combinations. Each example is setup as its own crate, with its own
 dependencies.
 
+## Cargo.lock Synchronization
+
+The workspace automatically maintains synchronized `Cargo.lock` files for all
+example templates. When dependencies are updated at the workspace level, a
+pre-commit hook automatically copies the workspace `Cargo.lock` to each example
+directory that contains a `Cargo.toml` file. This ensures all templates have
+up-to-date dependency resolution for use with `cargo generate`.
+
+This synchronization happens automatically during commits when `Cargo.toml` or
+`Cargo.lock` files are modified. You can also run it manually:
+
+```console
+./scripts/copy-example-lockfiles.sh
+```
+
 ## Running Examples
 
 To run any example from this top-level:

@@ -105,11 +105,11 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-    # The Unicode-DFS-2016 license is necessary for unicode-ident because they
+    # The Unicode-3.0 license is necessary for unicode-ident because they
     # use data from the unicode tables to generate the tables which are
     # included in the application. We do not distribute those data files so
     # this is not a problem for us. See https://github.com/dtolnay/unicode-ident/pull/9/files
-    { allow = ["Unicode-DFS-2016"], name = "unicode-ident", version = "*"},
+    { allow = ["Unicode-3.0"], name = "unicode-ident", version = "*"},
 ]
 
 # Some crates don't have (easily) machine readable licensing information,

@@ -52,6 +52,7 @@ ignore = [
     "RUSTSEC-2023-0071", # Impacts rsa crate, which is only used in dev, see
                          # https://github.com/RustCrypto/RSA/pull/394 for remediation
     { id = "RUSTSEC-2024-0320", reason = "Not planning to force upgrade to rust-yaml2 yet" },
+    { id = "RUSTSEC-2024-0375", reason = "atty unmaintained, only used by criterion in dev. Can likely upgrade criterion to resolve" },
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories
@@ -109,11 +110,11 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-    # The Unicode-DFS-2016 license is necessary for unicode-ident because they
+    # The Unicode-3.0 license is necessary for unicode-ident because they
     # use data from the unicode tables to generate the tables which are
     # included in the application. We do not distribute those data files so
     # this is not a problem for us. See https://github.com/dtolnay/unicode-ident/pull/9/files
-    { allow = ["Unicode-DFS-2016"], name = "unicode-ident", version = "*"},
+    { allow = ["Unicode-3.0"], name = "unicode-ident", version = "*"},
     { allow = ["OpenSSL"], name = "ring", version = "*" },
     { allow = ["OpenSSL"], name = "aws-lc-sys", version = "*" },
     { allow = ["MPL-2.0"], name = "webpki-roots", version = "*"},

@@ -31,9 +31,9 @@ pub fn set_panic_hook() {
 
 #[wasm_bindgen]
 extern "C" {
-    // For alerting
+    /// For alerting
     pub(crate) fn alert(s: &str);
-    // For logging in the console.
+    /// For logging in the console.
     #[wasm_bindgen(js_namespace = console)]
     pub fn log(s: &str);
 }

@@ -52,6 +52,7 @@ ignore = [
     "RUSTSEC-2023-0071", # Impacts rsa crate, which is only used in dev, see
                          # https://github.com/RustCrypto/RSA/pull/394 for remediation
     { id = "RUSTSEC-2024-0320", reason = "Not planning to force upgrade to rust-yaml2 yet" },
+    { id = "RUSTSEC-2024-0375", reason = "atty unmaintained, only used by criterion in dev. Can likely upgrade criterion to resolve" },
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories
@@ -109,11 +110,11 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-    # The Unicode-DFS-2016 license is necessary for unicode-ident because they
+    # The Unicode-3.0 license is necessary for unicode-ident because they
     # use data from the unicode tables to generate the tables which are
     # included in the application. We do not distribute those data files so
     # this is not a problem for us. See https://github.com/dtolnay/unicode-ident/pull/9/files
-    { allow = ["Unicode-DFS-2016"], name = "unicode-ident", version = "*"},
+    { allow = ["Unicode-3.0"], name = "unicode-ident", version = "*"},
     { allow = ["OpenSSL"], name = "ring", version = "*" },
     { allow = ["OpenSSL"], name = "aws-lc-sys", version = "*" },
     { allow = ["MPL-2.0"], name = "webpki-roots", version = "*"},

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Script to copy workspace Cargo.lock to all example template directories
+# This ensures templates have up-to-date lock files for cargo generate
+
+set -e
+
+# Define paths
+WORKSPACE_LOCK="examples/Cargo.lock"
+EXAMPLES_DIR="examples"
+
+# Check if workspace lock file exists
+if [[ ! -f "$WORKSPACE_LOCK" ]]; then
+    echo "Error: Workspace Cargo.lock not found at $WORKSPACE_LOCK"
+    exit 1
+fi
+
+# Check if examples directory exists
+if [[ ! -d "$EXAMPLES_DIR" ]]; then
+    echo "Error: Examples directory not found at $EXAMPLES_DIR"
+    exit 1
+fi
+
+# Find all subdirectories in examples/ that contain a Cargo.toml (excluding target)
+example_dirs=()
+while IFS= read -r -d '' dir; do
+    # Skip the target directory
+    if [[ "$(basename "$dir")" == "target" ]]; then
+        continue
+    fi
+
+    # Check if the directory contains a Cargo.toml file
+    if [[ -f "$dir/Cargo.toml" ]]; then
+        example_dirs+=("$dir")
+    fi
+done < <(find "$EXAMPLES_DIR" -mindepth 1 -maxdepth 1 -type d -print0)
+
+# Check if we found any example directories
+if [[ ${#example_dirs[@]} -eq 0 ]]; then
+    echo "No example directories with Cargo.toml found in $EXAMPLES_DIR"
+    exit 0
+fi
+
+# Copy workspace lock to each example directory
+copied_count=0
+for example_dir in "${example_dirs[@]}"; do
+    target_lock="$example_dir/Cargo.lock"
+    cp "$WORKSPACE_LOCK" "$target_lock"
+    echo "Copied $WORKSPACE_LOCK to $target_lock"
+    ((copied_count++))
+done
+
+echo "Successfully copied Cargo.lock to $copied_count example template(s)"