author | Lars Wirzenius <liw@liw.fi> | 2021-11-20 09:43:18 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-11-20 09:43:18 +0200 |
commit | f766cbf345cfb1219e80e3e375f94866048d9450 (patch) | |
tree | 4c1c65963f1aa3564516430dd7b3a7639edef5d1 /deny.toml | |
parent | 47a2a2d5d1cf53b02d6fc724a0c7b60effc5dd4f (diff) | |
download | obnam2-f766cbf345cfb1219e80e3e375f94866048d9450.tar.gz |
chore: add config for "cargo deny"
With this configuration, "cargo deny check" is happy. This is achieved
by ignoring specific advisories, and setting advisories.yanked
to allow, for now. We'll need to work on upgrading dependencies to
fixed versions, and then make the deny policy stricter.
Sponsored-by: author
Diffstat (limited to 'deny.toml')
-rw-r--r-- | deny.toml | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..ad52788
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,78 @@
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "allow"
+notice = "warn"
+ignore = [
+ "RUSTSEC-2020-0027",
+ "RUSTSEC-2020-0071",
+ "RUSTSEC-2020-0159",
+ "RUSTSEC-2021-0072",
+ "RUSTSEC-2021-0078",
+ "RUSTSEC-2021-0079",
+ "RUSTSEC-2021-0124",
+]
+
+[licenses]
+unlicensed = "deny"
+allow = [
+ "Apache-2.0",
+ "Apache-2.0 WITH LLVM-exception",
+ "BSD-3-Clause",
+ "ISC",
+ "LicenseRef-ring",
+ "MIT",
+]
+deny = [
+ #"Nokia",
+]
+copyleft = "allow"
+default = "deny"
+exceptions = [
+ # Each entry is the crate and version constraint, and its specific allow
+ # list
+ #{ allow = ["Zlib"], name = "adler32", version = "*" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+allow = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+deny = [
+ # Each entry the name of a crate and a version range. If version is
+ # not specified, all versions will be matched.
+ #{ name = "ansi_term", version = "=0.11.0" },
+ #
+ # Wrapper crates can optionally be specified to allow the crate when it
+ # is a direct dependency of the otherwise banned crate
+ #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
+]
+skip = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+skip-tree = [
+ #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
+]
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-git = [] |
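Review bot: The seven entries in `[advisories] ignore` carry no comment saying which dependency each one concerns or why suppressing it is acceptable, so nothing in the file signals when an entry can be dropped; with `vulnerability = "deny"` these suppressions are the only thing keeping known advisories out of the check result. A comment above each entry, for example `# <crate>: <why it is tolerated>; remove once upgraded`, would make the planned tightening auditable. `yanked = "allow"` also hides yanked crates entirely; going by the lint-level note at the top of the file, `yanked = "warn"` would still let the check pass while keeping them visible. In `[sources]`, the empty `allow-git = []` suggests there are no git dependencies, so `unknown-registry = "deny"` and `unknown-git = "deny"` may already pass and would stop a dependency from an unexpected source being added unnoticed; this is worth confirming against the lockfile.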