authorLars Wirzenius <liw@liw.fi>2021-11-20 09:43:18 +0200
committerLars Wirzenius <liw@liw.fi>2021-11-20 09:43:18 +0200
commitf766cbf345cfb1219e80e3e375f94866048d9450 (patch)
tree4c1c65963f1aa3564516430dd7b3a7639edef5d1
parent47a2a2d5d1cf53b02d6fc724a0c7b60effc5dd4f (diff)
downloadobnam2-f766cbf345cfb1219e80e3e375f94866048d9450.tar.gz
chore: add config for "cargo deny"
With this configuration, "cargo deny check" is happy. This is achieved by ignoring specific advisories and by setting advisories.yanked to allow, for now. We'll need to work on upgrading dependencies to fixed versions, and then make the deny policy stricter. Sponsored-by: author
-rw-r--r--deny.toml78
1 files changed, 78 insertions, 0 deletions
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..ad52788
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,78 @@
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "allow"
+notice = "warn"
+ignore = [
+ "RUSTSEC-2020-0027",
+ "RUSTSEC-2020-0071",
+ "RUSTSEC-2020-0159",
+ "RUSTSEC-2021-0072",
+ "RUSTSEC-2021-0078",
+ "RUSTSEC-2021-0079",
+ "RUSTSEC-2021-0124",
+]
+
+[licenses]
+unlicensed = "deny"
+allow = [
+ "Apache-2.0",
+ "Apache-2.0 WITH LLVM-exception",
+ "BSD-3-Clause",
+ "ISC",
+ "LicenseRef-ring",
+ "MIT",
+]
+deny = [
+ #"Nokia",
+]
+copyleft = "allow"
+default = "deny"
+exceptions = [
+ # Each entry is the crate and version constraint, and its specific allow
+ # list
+ #{ allow = ["Zlib"], name = "adler32", version = "*" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+allow = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+deny = [
+ # Each entry the name of a crate and a version range. If version is
+ # not specified, all versions will be matched.
+ #{ name = "ansi_term", version = "=0.11.0" },
+ #
+ # Wrapper crates can optionally be specified to allow the crate when it
+ # is a direct dependency of the otherwise banned crate
+ #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
+]
+skip = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+skip-tree = [
+ #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
+]
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-git = []
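Review bot: The seven entries in `advisories.ignore` carry no comment saying which crate each advisory concerns, why it is being ignored, or what would let it be dropped, so the list is likely to outlive the upgrades the commit message promises and silently hide real vulnerabilities from `vulnerability = "deny"`. I would add a one-line comment above each entry in the form `# <crate> <version>: <why we cannot upgrade yet>; remove once <fixed version> is in the tree`, and a comment on `yanked = "allow"` noting it is a temporary relaxation with the same condition for tightening it back to "deny". The `[sources]` table only warns on `unknown-registry` and `unknown-git`, so a dependency pulled from an unexpected registry or git URL would not fail the check; since `allow-git` is already empty, setting both to `"deny"` costs nothing today and makes that supply-chain guard enforceable. `multiple-versions = "allow"` is presumably a pragmatic choice for now, but a comment stating that would save the next reader from guessing.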