-
Notifications
You must be signed in to change notification settings - Fork 35
/
deny.toml
182 lines (152 loc) · 5.79 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
# https://github.com/EmbarkStudios/cargo-deny/pull/611
version = 2
yanked = "deny"
ignore = [
{ id = "RUSTSEC-2024-0370", reason = "crate is unmaintained. This needs `arrow_convert` to use an alternative to `err-derive`" },
{ id = "RUSTSEC-2024-0384", reason = "`instant` crate is unmaintained. The dependency comes from datafusion" },
]
[licenses]
version = 2
allow = [
"MIT",
"MIT-0",
"Apache-2.0",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"BSL-1.0",
"OpenSSL",
"MPL-2.0",
"CC0-1.0",
"Zlib",
"Unicode-3.0"
]
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must be to the
# canonical license text of a valid SPDX license file.
# [possible values: any between 0.0 and 1.0].
confidence-threshold = 0.8
[[licenses.exceptions]]
# Ignore Unicode-DFS-2016 because we don't bundle the generated files from
# the unicode-ident dependency. See https://github.com/dtolnay/unicode-ident/pull/9/files
allow = ["Unicode-DFS-2016"]
name = "unicode-ident"
version = "1.0.6"
[[licenses.exceptions]]
# We are using inferno as part of the benchmarks crate that does not get released.
# Only modifications to inferno would have to made available under the CDDL:
# See https://fossa.com/blog/open-source-licenses-101-cddl-common-development-distribution-license/ and
# https://opensource.stackexchange.com/questions/8265/cddl-library-and-closed-source-application.
allow = ["CDDL-1.0"]
name = "inferno"
version = "0.11"
[[licenses.clarify]]
name = "ring"
# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
# https://spdx.org/licenses/OpenSSL.html
# ISC - Both BoringSSL and ring use this for their new files
# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
# license, for third_party/fiat, which, unlike other third_party directories, is
# compiled into non-test libraries, is included below."
# OpenSSL - Obviously
expression = "ISC AND MIT AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
[licenses.private]
# If true, ignores workspace crates that aren't published, or are only
# published to private registries.
# To see how to mark a crate as unpublished (to the official registry),
# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
ignore = true
# One or more private registries that you might publish crates to, if a crate
# is only published to private registries, and ignore is true, the crate will
# not have its license(s) checked
registries = []
[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "all"
allow = []
skip = [
# It's ok to ignore these dependencies, as they're resolved but we never use them,
# since we don't target Windows, nor HermitCore. We have a couple of transitive dependencies
# requiring windows and hermit syscalls with conflicting version.
# Also see https://github.com/rust-lang/cargo/issues/1197
{ name = "windows-sys" },
{ name = "windows-targets" },
{ name = "windows_x86_64_msvc" },
{ name = "windows_x86_64_gnullvm" },
{ name = "windows_aarch64_gnullvm" },
{ name = "windows_x86_64_gnu" },
{ name = "windows_i686_gnu" },
{ name = "windows_i686_msvc" },
{ name = "windows_aarch64_msvc" },
{ name = "hermit-abi" },
# Clash between prost-reflect and tracing_instrumentation
{ name = "ordered-float" },
# Clash between criterion clap dependency and our own
{ name = "clap" },
{ name = "clap_lex" },
{ name = "clap_derive" },
# Clash between tonic clap dependency (outdated) and hyper-rustls and prost-reflect
{ name = "base64" },
# The following is an internal dependecy needed by librocksdb-sys
{ name = "syn" },
# The following is a dev and build dependecy used by tempfile but clashes with open telemetry.
{ name = "redox_syscall"},
# Clash between criterion dependency and datafusion dependency
{ name = "half" },
# Clash between datafusion async-compression dependency and datafusion zstd dependency
{ name = "zstd-safe"},
{ name = "zstd"},
# Clash between datafusion and arrow
{ name = "hashbrown"},
# Clash between datafusion and invoker
{ name = "tokio-rustls"},
# Clash between rocksdb bindgen and prost-build
{ name = "prettyplease"},
# Clash between our own and opentelemetry-otlp's Tonic dependency :-(
{ name = "tonic" },
# Clash between tracing-subscriber and datafusion :-(
{ name = "regex-syntax" },
# Clash between pprof and datafusion :-(
{ name = "quick-xml" },
# Clash with criterion
{ name = "itertools" },
# Clash between datafusion-expr and arrow
{ name = "strum"},
{ name = "strum_macros"},
# Clash between pgwire and arrow
{name = "time"},
# clash between datafusion and arrow
{name = "wasi"},
# clash between rdkafka and many other libraries
{name = "indexmap"},
# clash between prost and otel libraries
{name = "prost"},
{name = "prost-derive"},
# clash between aws-config and datafusion
{name = "fastrand"},
# clash between aws-config and pgwire
{name = "untrusted"},
{name = "spin"},
{name = "ring"}
]
deny = [
# Use rustls instead of openssl-sys since it is assumed to be more secure
{ name = "openssl-sys" }
]
[sources]
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = [
"https://github.com/restatedev/rust-rocksdb.git",
]
[sources.allow-org]
# 1 or more github.com organizations to allow git sources for
github = ["restatedev"]