Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/deny.toml

50 lines
1.4 KiB
TOML
Raw Normal View History

ci: cargo-deny config Adds a config file for cargo-deny[1] that runs the following checks: * advisory-db[2] RUSTSEC checks for deps (like cargo-audit) * errors if a dependency has been "yanked" from crates.io * errors if attempting to use OpenSSL as a dependency. The RUSTSEC checks copy over the whitelist from the current cargo-audit config. [1]: https://github.com/EmbarkStudios/cargo-deny [2]: https://github.com/rustsec/advisory-db
2022-03-07 15:20:55 +00:00
# Configuration documentation:
#  https://embarkstudios.github.io/cargo-deny/index.html
[advisories]
vulnerability = "deny"
yanked = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
# title: Potential segfault in the time crate
# why needed: used by `chrono`
# upstream issue: https://github.com/chronotope/chrono/issues/553
"RUSTSEC-2020-0071",
# title: Potential segfault in `localtime_r` invocations
# why needed: bug in `chrono`
# upstream issue: https://github.com/chronotope/chrono/issues/499
"RUSTSEC-2020-0159",
# title: Generated code can read and write out of bounds in safe code
# why needed: part of `arrow`
# upstream issue: https://github.com/google/flatbuffers/issues/6627
"RUSTSEC-2021-0122",
# title: serde_cbor is unmaintained
# why needed: used by `criterion`
# upstream issue: https://github.com/bheisler/criterion.rs/issues/534
"RUSTSEC-2021-0127",
]
[licenses]
default = "allow"
unlicensed = "allow"
copyleft = "allow"
[sources.allow-org]
github = ["influxdata", "apache"]
[bans]
multiple-versions = "warn"
deny = [
# We are using rustls as the TLS implementation, so we shouldn't be linking
# in OpenSSL too.
#
# If you're hitting this, you might want to take a look at what new
# dependencies you have introduced and check if there's a way to depend on
# rustls instead of OpenSSL (tip: check the crate's feature flags).
{ name = "openssl-sys" }
]