0682d6dcea
- Add `deny.toml` for `cargo deny` with advisory error for `RUSTSEC- 2020-0071` disabled as it does not affect chrono (or us for that matter). Allow multiple versions as there is not much we can do about those anyways and it clutters the output immensely. Add all currently used licenses to allow list. Deny the use of `ring` as it does not have a responsible disclosure policy: https://github.com/briansmith/ring#bug-reporting - Run `cargo deny` as further `test` step in GitLab CI, so that it is among the last things that may fail in a merge request.
32 lines
497 B
TOML
32 lines
497 B
TOML
[advisories]
|
|
ignore = [
|
|
"RUSTSEC-2020-0071", # chrono not affected by time 0.1 issue
|
|
]
|
|
unmaintained = "deny"
|
|
yanked = "deny"
|
|
|
|
[bans]
|
|
multiple-versions = "allow"
|
|
deny = [
|
|
# does not have responsible disclosure policy:
|
|
# https://github.com/briansmith/ring#bug-reporting
|
|
{name = "ring"},
|
|
]
|
|
|
|
[licenses]
|
|
allow = [
|
|
"Apache-2.0",
|
|
"BSD-3-Clause",
|
|
"BSL-1.0",
|
|
"CC0-1.0",
|
|
"GPL-2.0",
|
|
"GPL-3.0",
|
|
"ISC",
|
|
"LGPL-2.0",
|
|
"LGPL-3.0",
|
|
"MIT",
|
|
"MIT-0",
|
|
"MPL-2.0",
|
|
"Unicode-DFS-2016",
|
|
]
|