50 lines
1.4 KiB
TOML
50 lines
1.4 KiB
TOML
# Configuration documentation:
|
||
# https://embarkstudios.github.io/cargo-deny/index.html
|
||
|
||
[advisories]
|
||
vulnerability = "deny"
|
||
yanked = "deny"
|
||
unmaintained = "warn"
|
||
notice = "warn"
|
||
ignore = [
|
||
# title: Potential segfault in the time crate
|
||
# why needed: used by `chrono`
|
||
# upstream issue: https://github.com/chronotope/chrono/issues/553
|
||
"RUSTSEC-2020-0071",
|
||
|
||
# title: Potential segfault in `localtime_r` invocations
|
||
# why needed: bug in `chrono`
|
||
# upstream issue: https://github.com/chronotope/chrono/issues/499
|
||
"RUSTSEC-2020-0159",
|
||
|
||
# title: Generated code can read and write out of bounds in safe code
|
||
# why needed: part of `arrow`
|
||
# upstream issue: https://github.com/google/flatbuffers/issues/6627
|
||
"RUSTSEC-2021-0122",
|
||
|
||
# title: serde_cbor is unmaintained
|
||
# why needed: used by `criterion`
|
||
# upstream issue: https://github.com/bheisler/criterion.rs/issues/534
|
||
"RUSTSEC-2021-0127",
|
||
]
|
||
|
||
[licenses]
|
||
default = "allow"
|
||
unlicensed = "allow"
|
||
copyleft = "allow"
|
||
|
||
[sources.allow-org]
|
||
github = ["influxdata", "apache"]
|
||
|
||
[bans]
|
||
multiple-versions = "warn"
|
||
deny = [
|
||
# We are using rustls as the TLS implementation, so we shouldn't be linking
|
||
# in OpenSSL too.
|
||
#
|
||
# If you're hitting this, you might want to take a look at what new
|
||
# dependencies you have introduced and check if there's a way to depend on
|
||
# rustls instead of OpenSSL (tip: check the crate's feature flags).
|
||
{ name = "openssl-sys" }
|
||
]
|