50 lines
1.5 KiB
TOML
50 lines
1.5 KiB
TOML
# Configuration documentation:
|
||
# https://embarkstudios.github.io/cargo-deny/index.html
|
||
|
||
[advisories]
|
||
vulnerability = "deny"
|
||
yanked = "deny"
|
||
unmaintained = "warn"
|
||
notice = "warn"
|
||
ignore = [
|
||
# title: Potential segfault in the time crate
|
||
# why needed: used by `chrono`
|
||
# upstream issue: https://github.com/chronotope/chrono/issues/553
|
||
"RUSTSEC-2020-0071",
|
||
|
||
# potential unalinged read in atty
|
||
# https://rustsec.org/advisories/RUSTSEC-2021-0145
|
||
# Acceptable because only dependencies are dev/test (not used in prod code).
|
||
"RUSTSEC-2021-0145",
|
||
|
||
# "It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large
|
||
# string were input into SQLite's printf function."
|
||
#
|
||
# We are not using `printf` with untrusted inputs.
|
||
#
|
||
# This is currently blocked by upstream:
|
||
# https://github.com/launchbadge/sqlx/issues/2346
|
||
"RUSTSEC-2022-0090",
|
||
]
|
||
git-fetch-with-cli = true
|
||
|
||
[licenses]
|
||
default = "allow"
|
||
unlicensed = "allow"
|
||
copyleft = "allow"
|
||
|
||
[sources.allow-org]
|
||
github = ["influxdata", "apache"]
|
||
|
||
[bans]
|
||
multiple-versions = "warn"
|
||
deny = [
|
||
# We are using rustls as the TLS implementation, so we shouldn't be linking
|
||
# in OpenSSL too.
|
||
#
|
||
# If you're hitting this, you might want to take a look at what new
|
||
# dependencies you have introduced and check if there's a way to depend on
|
||
# rustls instead of OpenSSL (tip: check the crate's feature flags).
|
||
{ name = "openssl-sys" }
|
||
]
|