influxdb/deny.toml

# Configuration documentation:
#   https://embarkstudios.github.io/cargo-deny/index.html

[advisories]
vulnerability = "deny"
yanked = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
]
git-fetch-with-cli = true

[licenses]
allow-osi-fsf-free = "either"
copyleft = "deny"
unlicensed = "deny"
default = "deny"

exceptions = [
    # We should probably NOT bundle CA certs but use the OS ones.
    { name = "webpki-roots", allow = ["MPL-2.0"] },
]

[[licenses.clarify]]
name = "ring"
expression = "BSD-4-Clause AND ISC AND MIT AND OpenSSL"
license-files = [
    # https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/LICENSE
    { path = "LICENSE", hash = 0xbd0eed23 },
]

[sources.allow-org]
github = ["influxdata", "apache"]

[bans]
multiple-versions = "warn"
deny = [
    # We are using rustls as the TLS implementation, so we shouldn't be linking
    # in OpenSSL too.
    #
    # If you're hitting this, you might want to take a look at what new
    # dependencies you have introduced and check if there's a way to depend on
    # rustls instead of OpenSSL (tip: check the crate's feature flags).
    { name = "openssl-sys" },
    # We've decided to use the `humantime` crate to parse and generate friendly time formats; use
    # that rather than chrono-english.
    { name = "chrono-english" },
]
-												ci: cargo-deny config

Adds a config file for cargo-deny[1] that runs the following checks:

    * advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
    * errors if a dependency has been "yanked" from crates.io
    * errors if attempting to use OpenSSL as a dependency.

The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.

[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db

											
										
										
											2022-03-07 15:20:55 +00:00
+								# Configuration documentation:
 								#   https://embarkstudios.github.io/cargo-deny/index.html
 								[advisories]
 								vulnerability = "deny"
 								yanked = "deny"
 								unmaintained = "warn"
 								notice = "warn"
 								ignore = [
 								]
-												ci: simplify cargo deny (#4640)

Taken from https://github.com/influxdata/object_store_rs/pull/5

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
											
										
										
											2022-05-19 09:51:15 +00:00
+								git-fetch-with-cli = true
-												ci: cargo-deny config

Adds a config file for cargo-deny[1] that runs the following checks:

    * advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
    * errors if a dependency has been "yanked" from crates.io
    * errors if attempting to use OpenSSL as a dependency.

The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.

[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db

											
										
										
											2022-03-07 15:20:55 +00:00
 								[licenses]
-												chore: deny unknown and copyleft licenses (#7556)

I just don't wanna rip out parts of our software stack because
someone gets cold feet.

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
											
										
										
											2023-04-17 08:08:48 +00:00
+								allow-osi-fsf-free = "either"
 								copyleft = "deny"
 								unlicensed = "deny"
 								default = "deny"
 								exceptions = [
 								    # We should probably NOT bundle CA certs but use the OS ones.
 								    { name = "webpki-roots", allow = ["MPL-2.0"] },
 								]
 								[[licenses.clarify]]
 								name = "ring"
 								expression = "BSD-4-Clause AND ISC AND MIT AND OpenSSL"
 								license-files = [
 								    # https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/LICENSE
 								    { path = "LICENSE", hash = 0xbd0eed23 },
 								]
-												ci: cargo-deny config

Adds a config file for cargo-deny[1] that runs the following checks:

    * advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
    * errors if a dependency has been "yanked" from crates.io
    * errors if attempting to use OpenSSL as a dependency.

The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.

[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db

											
										
										
											2022-03-07 15:20:55 +00:00
 								[sources.allow-org]
 								github = ["influxdata", "apache"]
 								[bans]
 								multiple-versions = "warn"
 								deny = [
 								    # We are using rustls as the TLS implementation, so we shouldn't be linking
 								    # in OpenSSL too.
 								    #
 								    # If you're hitting this, you might want to take a look at what new
 								    # dependencies you have introduced and check if there's a way to depend on
 								    # rustls instead of OpenSSL (tip: check the crate's feature flags).
-												fix: Add chrono-english to the cargo-deny config to avoid pulling it in again in the future

											
										
										
											2023-05-01 15:15:02 +00:00
+								    { name = "openssl-sys" },
 								    # We've decided to use the `humantime` crate to parse and generate friendly time formats; use
 								    # that rather than chrono-english.
 								    { name = "chrono-english" },
-												ci: cargo-deny config

Adds a config file for cargo-deny[1] that runs the following checks:

    * advisory-db[2] RUSTSEC checks for deps (like cargo-audit)
    * errors if a dependency has been "yanked" from crates.io
    * errors if attempting to use OpenSSL as a dependency.

The RUSTSEC checks copy over the whitelist from the current cargo-audit
config.

[1]: https://github.com/EmbarkStudios/cargo-deny
[2]: https://github.com/rustsec/advisory-db

											
										
										
											2022-03-07 15:20:55 +00:00
+								]