From 10bf6af05ec8c3d9b4de6312ccad0e0354e61cda Mon Sep 17 00:00:00 2001 From: Mark Karpeles Date: Thu, 4 Jun 2026 22:24:32 +0900 Subject: [PATCH 1/2] Forbid unsafe code across all package targets Add [lints.rust] unsafe_code = "forbid" to Cargo.toml so the guarantee extends beyond the library (which already had #![forbid(unsafe_code)] in src/lib.rs) to the build-time code generator, build_support helpers, examples, and tests. Co-Authored-By: Claude Opus 4.8 (1M context) --- Cargo.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Cargo.toml b/Cargo.toml index 0536111..b9b3385 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,6 +21,13 @@ categories = ["no-std", "cryptography", "embedded"] # Ship the roots + generators, but not throwaway artifacts. exclude = ["/.github", "/*.txt"] +# Forbid unsafe across every target in the package (lib, build script, +# examples, tests). The library also carries #![forbid(unsafe_code)] in +# src/lib.rs; this extends the same guarantee to the build-time code generator +# and the maintenance tooling. +[lints.rust] +unsafe_code = "forbid" + [lib] path = "src/lib.rs" From 0ac689eb3bfc7e46c83da4e281ea1673755c9cc1 Mon Sep 17 00:00:00 2001 From: Mark Karpeles Date: Thu, 4 Jun 2026 22:31:21 +0900 Subject: [PATCH 2/2] Remove Cargo.lock from version control Conventional for library crates: downstream consumers resolve their own dependency versions, so the lockfile is not committed. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitignore | 1 + Cargo.lock | 7 ------- 2 files changed, 1 insertion(+), 7 deletions(-) delete mode 100644 Cargo.lock diff --git a/.gitignore b/.gitignore index 0fa5d1c..ecc64a2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /target /import-staging +/Cargo.lock diff --git a/Cargo.lock b/Cargo.lock deleted file mode 100644 index 82eac50..0000000 --- a/Cargo.lock +++ /dev/null @@ -1,7 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "cacrt" -version = "0.1.0"