Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/deny.toml

50 lines
1.5 KiB
TOML
Raw Normal View History

ci: cargo-deny config Adds a config file for cargo-deny[1] that runs the following checks: * advisory-db[2] RUSTSEC checks for deps (like cargo-audit) * errors if a dependency has been "yanked" from crates.io * errors if attempting to use OpenSSL as a dependency. The RUSTSEC checks copy over the whitelist from the current cargo-audit config. [1]: https://github.com/EmbarkStudios/cargo-deny [2]: https://github.com/rustsec/advisory-db
2022-03-07 15:20:55 +00:00
# Configuration documentation:
#  https://embarkstudios.github.io/cargo-deny/index.html
[advisories]
vulnerability = "deny"
yanked = "deny"
unmaintained = "warn"
notice = "warn"
ignore = [
# title: Potential segfault in the time crate
# why needed: used by `chrono`
# upstream issue: https://github.com/chronotope/chrono/issues/553
"RUSTSEC-2020-0071",
ci: whitelist RUSTSEC-2021-0145 atty is used by criterion and mockito, both dev-only dependencies.
2023-01-09 15:16:04 +00:00
# potential unalinged read in atty
# https://rustsec.org/advisories/RUSTSEC-2021-0145
# Acceptable because only dependencies are dev/test (not used in prod code).
"RUSTSEC-2021-0145",
chore: ignore `RUSTSEC-2022-0090` (#6983)
2023-02-14 15:12:11 +00:00
# "It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large
# string were input into SQLite's printf function."
#
# We are not using `printf` with untrusted inputs.
#
# This is currently blocked by upstream:
# https://github.com/launchbadge/sqlx/issues/2346
"RUSTSEC-2022-0090",
ci: cargo-deny config Adds a config file for cargo-deny[1] that runs the following checks: * advisory-db[2] RUSTSEC checks for deps (like cargo-audit) * errors if a dependency has been "yanked" from crates.io * errors if attempting to use OpenSSL as a dependency. The RUSTSEC checks copy over the whitelist from the current cargo-audit config. [1]: https://github.com/EmbarkStudios/cargo-deny [2]: https://github.com/rustsec/advisory-db
2022-03-07 15:20:55 +00:00
]
ci: simplify cargo deny (#4640) Taken from https://github.com/influxdata/object_store_rs/pull/5 Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2022-05-19 09:51:15 +00:00
git-fetch-with-cli = true
ci: cargo-deny config Adds a config file for cargo-deny[1] that runs the following checks: * advisory-db[2] RUSTSEC checks for deps (like cargo-audit) * errors if a dependency has been "yanked" from crates.io * errors if attempting to use OpenSSL as a dependency. The RUSTSEC checks copy over the whitelist from the current cargo-audit config. [1]: https://github.com/EmbarkStudios/cargo-deny [2]: https://github.com/rustsec/advisory-db
2022-03-07 15:20:55 +00:00
[licenses]
default = "allow"
unlicensed = "allow"
copyleft = "allow"
[sources.allow-org]
github = ["influxdata", "apache"]
[bans]
multiple-versions = "warn"
deny = [
# We are using rustls as the TLS implementation, so we shouldn't be linking
# in OpenSSL too.
#
# If you're hitting this, you might want to take a look at what new
# dependencies you have introduced and check if there's a way to depend on
# rustls instead of OpenSSL (tip: check the crate's feature flags).
{ name = "openssl-sys" }
]