author | Lars Wirzenius <liw@liw.fi> | 2021-11-21 06:55:57 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-11-21 06:55:57 +0000 |
commit | 439653559da3a7fe3edbc9cb86c3d40cff668b2b (patch) | |
tree | d1221bdc187664e154b794e7809694ea8a726f57 /deny.toml | |
parent | 47a2a2d5d1cf53b02d6fc724a0c7b60effc5dd4f (diff) | |
parent | c9ed57619837de53cf2fe4c2a24e4a2bcca4f8d5 (diff) | |
download | obnam2-439653559da3a7fe3edbc9cb86c3d40cff668b2b.tar.gz |
Merge branch 'audit' into 'main'
Prepare release 0.5.0
Closes #149 and #150
See merge request obnam/obnam!188
Diffstat (limited to 'deny.toml')
-rw-r--r-- | deny.toml | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..ad52788
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,78 @@
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "allow"
+notice = "warn"
+ignore = [
+ "RUSTSEC-2020-0027",
+ "RUSTSEC-2020-0071",
+ "RUSTSEC-2020-0159",
+ "RUSTSEC-2021-0072",
+ "RUSTSEC-2021-0078",
+ "RUSTSEC-2021-0079",
+ "RUSTSEC-2021-0124",
+]
+
+[licenses]
+unlicensed = "deny"
+allow = [
+ "Apache-2.0",
+ "Apache-2.0 WITH LLVM-exception",
+ "BSD-3-Clause",
+ "ISC",
+ "LicenseRef-ring",
+ "MIT",
+]
+deny = [
+ #"Nokia",
+]
+copyleft = "allow"
+default = "deny"
+exceptions = [
+ # Each entry is the crate and version constraint, and its specific allow
+ # list
+ #{ allow = ["Zlib"], name = "adler32", version = "*" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+allow = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+deny = [
+ # Each entry the name of a crate and a version range. If version is
+ # not specified, all versions will be matched.
+ #{ name = "ansi_term", version = "=0.11.0" },
+ #
+ # Wrapper crates can optionally be specified to allow the crate when it
+ # is a direct dependency of the otherwise banned crate
+ #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
+]
+skip = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+skip-tree = [
+ #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
+]
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-git = [] |
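Review bot: The seven entries in `ignore` under `[advisories]` are suppressed with no recorded reason, so although `vulnerability = "deny"` is set, a reader cannot tell whether each advisory was judged not to apply, has no fixed release yet, or was silenced only to get the check passing. Each entry should carry a comment on the line above it, for example `# <advisory id>: <affected crate>; <why it does not apply here>; re-check when <condition>`, and be dropped once the dependency is upgraded. Separately, `[sources]` sets `unknown-registry = "warn"` and `unknown-git = "warn"` while `allow-git` is empty. Presumably no git source is expected, in which case `unknown-registry = "deny"` and `unknown-git = "deny"` would make an unexpected source fail the check rather than pass with a warning. `yanked = "allow"` likewise hides yanked releases entirely; `yanked = "warn"` would at least surface them.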