# Configuration documentation: #  https://embarkstudios.github.io/cargo-deny/index.html [advisories] yanked = "deny" ignore = [ # dependent on datafusion-common moving away from instant # https://github.com/apache/datafusion/pull/13355 "RUSTSEC-2024-0384", ] git-fetch-with-cli = true [licenses] allow = [ "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "BSD-4-Clause", "CC0-1.0", "ISC", "MIT", "Unicode-3.0", "Zlib", ] exceptions = [ # We should probably NOT bundle CA certs but use the OS ones. { name = "webpki-roots", allow = ["MPL-2.0"] }, { allow = ["OpenSSL"], name = "ring" }, ] [[licenses.clarify]] name = "ring" expression = "BSD-4-Clause AND ISC AND MIT AND OpenSSL" license-files = [ # https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/LICENSE { path = "LICENSE", hash = 0xbd0eed23 }, ] [sources.allow-org] github = ["influxdata"] [bans] multiple-versions = "warn" deny = [ # We are using rustls as the TLS implementation, so we shouldn't be linking # in OpenSSL too. # # If you're hitting this, you might want to take a look at what new # dependencies you have introduced and check if there's a way to depend on # rustls instead of OpenSSL (tip: check the crate's feature flags). { name = "openssl-sys" }, # We've decided to use the `humantime` crate to parse and generate friendly time formats; use # that rather than chrono-english. { name = "chrono-english" }, ]