chore: add cargo-deny (#603)

* chore: add cargo-deny and ensure it passes

* ci: enforce cargo deny

.github/workflows/cargo-license.yaml

@@ -0,0 +1,12 @@
+name: cargo-deny check
+on: pull_request
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: EmbarkStudios/cargo-deny-action@v2
+      with:
+        manifest-path: "./Cargo.toml"
+        command: check
+        command-arguments: "--hide-inclusion-graph"

Cargo.toml

@@ -38,7 +38,7 @@ zksync_contracts = { git = "https://github.com/matter-labs/zksync-era", tag = "c
 zksync_types = { git = "https://github.com/matter-labs/zksync-era", tag = "core-v26.4.0" }
 zksync_vm_interface = { git = "https://github.com/matter-labs/zksync-era", tag = "core-v26.4.0" }
 zksync_web3_decl = { git = "https://github.com/matter-labs/zksync-era", tag = "core-v26.4.0" }
-zksync_telemetry = { git = "https://github.com/matter-labs/zksync-telemetry.git", rev = "ed600f46c74ccc15ae34ea38f27327d66458518a" }
+zksync_telemetry = { git = "https://github.com/matter-labs/zksync-telemetry.git", rev = "d5c35951843263765079545c31c908dcbaab1f30" }
 zksync-error-codegen = { git = "https://github.com/matter-labs/zksync-error", rev = "92d1b60d18686e0e261f04dc7efd74db60e112f1", default-features = false }
 zksync-error-description = { git = "https://github.com/matter-labs/zksync-error", rev = "92d1b60d18686e0e261f04dc7efd74db60e112f1" }
 
@@ -72,7 +72,7 @@ serde_json = "1.0"
 strum = "0.26.3"
 strum_macros = "0.26.4"
 serde_yaml = "0.9.33"
-tempdir = "0.3.7"
+tempfile = { version = "3.16.0", default-features = false }
 thiserror = "1"
 time = "0.3.36"
 tokio = { version = "1", features = ["full", "tracing"] }

crates/cli/Cargo.toml

@@ -42,4 +42,4 @@ flate2.workspace = true
 url.workspace = true
 
 [dev-dependencies]
-tempdir.workspace = true
+tempfile.workspace = true

crates/cli/src/cli.rs

@@ -866,7 +866,6 @@ mod tests {
         env,
         net::{IpAddr, Ipv4Addr},
     };
-    use tempdir::TempDir;
     use zksync_types::{H160, U256};
 
     #[test]
@@ -915,7 +914,10 @@ mod tests {
 
     #[tokio::test]
     async fn test_dump_state() -> anyhow::Result<()> {
-        let temp_dir = TempDir::new("state-test").expect("failed creating temporary dir");
+        let temp_dir = tempfile::Builder::new()
+            .prefix("state-test")
+            .tempdir()
+            .expect("failed creating temporary dir");
         let dump_path = temp_dir.path().join("state.json");
 
         let config = anvil_zksync_config::TestNodeConfig {
@@ -956,7 +958,10 @@ mod tests {
 
     #[tokio::test]
     async fn test_load_state() -> anyhow::Result<()> {
-        let temp_dir = TempDir::new("state-load-test").expect("failed creating temporary dir");
+        let temp_dir = tempfile::Builder::new()
+            .prefix("state-load-test")
+            .tempdir()
+            .expect("failed creating temporary dir");
         let state_path = temp_dir.path().join("state.json");
 
         let config = anvil_zksync_config::TestNodeConfig {

crates/core/Cargo.toml

@@ -49,7 +49,7 @@ url.workspace = true
 [dev-dependencies]
 maplit.workspace = true
 httptest.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 test-case.workspace = true
 backon.workspace = true
 

crates/core/src/cache.rs

@@ -377,7 +377,6 @@ impl Cache {
 
 #[cfg(test)]
 mod tests {
-    use tempdir::TempDir;
     use zksync_types::{Execute, ExecuteTransactionCommon};
     use zksync_types::{H160, U64};
 
@@ -504,7 +503,10 @@ mod tests {
             l2_legacy_shared_bridge: Some(H160::repeat_byte(0x6)),
         };
 
-        let cache_dir = TempDir::new("cache-test").expect("failed creating temporary dir");
+        let cache_dir = tempfile::Builder::new()
+            .prefix("cache-test")
+            .tempdir()
+            .expect("failed creating temporary dir");
         let cache_dir_path = cache_dir
             .path()
             .to_str()
@@ -605,7 +607,10 @@ mod tests {
             l2_legacy_shared_bridge: Some(H160::repeat_byte(0x6)),
         };
 
-        let cache_dir = TempDir::new("cache-test").expect("failed creating temporary dir");
+        let cache_dir = tempfile::Builder::new()
+            .prefix("cache-test")
+            .tempdir()
+            .expect("failed creating temporary dir");
         let cache_dir_path = cache_dir
             .path()
             .to_str()
@@ -660,7 +665,10 @@ mod tests {
 
     #[test]
     fn test_cache_config_disk_only_resets_created_data_on_disk() {
-        let cache_dir = TempDir::new("cache-test").expect("failed creating temporary dir");
+        let cache_dir = tempfile::Builder::new()
+            .prefix("cache-test")
+            .tempdir()
+            .expect("failed creating temporary dir");
         let cache_dir_path = cache_dir
             .path()
             .to_str()

crates/l1_sidecar/Cargo.toml

@@ -21,7 +21,7 @@ alloy = { workspace = true, default-features = false, features = ["sol-types", "
 foundry-anvil.workspace = true
 foundry-common.workspace = true
 anyhow.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 serde.workspace = true
 serde_yaml.workspace = true
 serde_with.workspace = true

crates/l1_sidecar/src/anvil.rs

@@ -5,7 +5,7 @@ use anyhow::Context;
 use foundry_anvil::{NodeConfig, NodeHandle};
 use foundry_common::Shell;
 use std::time::Duration;
-use tempdir::TempDir;
+use tempfile::TempDir;
 use tokio::io::AsyncWriteExt;
 
 /// Representation of an anvil process spawned onto an event loop.
@@ -34,7 +34,9 @@ pub async fn spawn_builtin(
     port: u16,
     zkstack_config: &ZkstackConfig,
 ) -> anyhow::Result<(AnvilHandle, Box<dyn Provider>)> {
-    let tmpdir = TempDir::new("anvil_zksync_l1")?;
+    let tmpdir = tempfile::Builder::new()
+        .prefix("anvil_zksync_l1")
+        .tempdir()?;
     let anvil_state_path = tmpdir.path().join("l1-state.json");
     let mut anvil_state_file = tokio::fs::File::create(&anvil_state_path).await?;
     anvil_state_file

deny.toml

@@ -0,0 +1,78 @@
+[graph]
+targets = [
+    "x86_64-unknown-linux-gnu",
+    "aarch64-unknown-linux-gnu",
+    "x86_64-apple-darwin",
+    "aarch64-apple-darwin",
+]
+all-features = false
+no-default-features = false
+
+[output]
+feature-depth = 1
+
+[advisories]
+ignore = [
+    { id = "RUSTSEC-2024-0370", reason = "`proc-macro-error` is unmaintained, but foundry relies on it" },
+    { id = "RUSTSEC-2024-0388", reason = '`derivative` is unmaintained, crypto dependenicies (boojum, circuit_encodings and others) rely on it' },
+]
+
+[licenses]
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "Unlicense",
+    "MPL-2.0",
+    "CC0-1.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "Zlib",
+    "OpenSSL",
+    "Apache-2.0 WITH LLVM-exception",
+    "0BSD",
+    "BSL-1.0",
+    "Unicode-3.0"
+]
+confidence-threshold = 0.8
+
+[[licenses.clarify]]
+crate = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[licenses.private]
+ignore = false
+registries = []
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+allow = []
+deny = [
+    { crate = "openssl", use-instead = "rustls" },
+    { crate = "openssl-sys", use-instead = "rustls" },
+]
+skip = []
+skip-tree = []
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "allow"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+
+[sources.allow-org]
+github = []
+gitlab = []
+bitbucket = []