# Configuration documentation: #  https://embarkstudios.github.io/cargo-deny/index.html [advisories] vulnerability = "deny" yanked = "deny" unmaintained = "warn" notice = "warn" ignore = [ # title: Potential segfault in the time crate # why needed: used by `chrono` # upstream issue: https://github.com/chronotope/chrono/issues/553 "RUSTSEC-2020-0071", # title: Potential segfault in `localtime_r` invocations # why needed: bug in `chrono` # upstream issue: https://github.com/chronotope/chrono/issues/499 "RUSTSEC-2020-0159", # title: Generated code can read and write out of bounds in safe code # why needed: part of `arrow` # upstream issue: https://github.com/google/flatbuffers/issues/6627 "RUSTSEC-2021-0122", # title: serde_cbor is unmaintained # why needed: used by `criterion` # upstream issue: https://github.com/bheisler/criterion.rs/issues/534 "RUSTSEC-2021-0127", ] [licenses] default = "allow" unlicensed = "allow" copyleft = "allow" [sources.allow-org] github = ["influxdata", "apache"] [bans] multiple-versions = "warn" deny = [ # We are using rustls as the TLS implementation, so we shouldn't be linking # in OpenSSL too. # # If you're hitting this, you might want to take a look at what new # dependencies you have introduced and check if there's a way to depend on # rustls instead of OpenSSL (tip: check the crate's feature flags). { name = "openssl-sys" } ]