forked from surrealdb/surrealdb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
deny.toml
148 lines (125 loc) · 4.15 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# See all available configuration options at:
# https://embarkstudios.github.io/cargo-deny/index.html
# --------------------------------------------------
# General
# --------------------------------------------------
# If true, metadata will be collected with `--all-features`
all-features = true
# If true, metadata will be collected with `--no-default-features`
no-default-features = true
# --------------------------------------------------
# BANS
# --------------------------------------------------
[bans]
# The graph highlighting used when creating dotgraphs for crates.
highlight = "all"
# The lint level for when a crate version requirement is set to `*`.
wildcards = "deny"
# Lint level for when multiple versions of the same crate are detected.
multiple-versions = "allow"
# The default lint level for `default` features for workspace crates.
workspace-default-features = "allow"
# The default lint level for `default` features for external crates.
external-default-features = "allow"
# --------------------------------------------------
# SOURCES
# --------------------------------------------------
[sources]
# What to do when encountering a repository from a host not in the allow list.
unknown-git = "deny"
# What to do when encountering a crate from a registry not in the allow list.
unknown-registry = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = []
# --------------------------------------------------
# ADVISORIES
# --------------------------------------------------
[advisories]
# The url(s) of the advisory databases to use.
db-urls = ["https://github.com/rustsec/advisory-db"]
# The path where the advisory database is cloned/fetched into.
db-path = "~/.cargo/advisory-db"
# The lint level for security vulnerabilities.
vulnerability = "deny"
# The lint level for crates which are unmaintained.
unmaintained = "warn"
# The lint level for crates that have been yanked.
yanked = "warn"
# The lint level for crates with security notices.
notice = "warn"
# Threshold for security vulnerabilities: None, Low, Medium, High, Critical.
severity-threshold = "None"
# A list of security advisory identifiers to ignore.
ignore = [
# Will be resolved once "surrealdb-jsonwebtoken", a temporary fork
# of "jsonwebtoken", is replaced by the upstream version which no
# longer uses the affected "rsa" crate.
"RUSTSEC-2023-0071",
]
# --------------------------------------------------
# LICENSES
# --------------------------------------------------
[licenses]
# Deny licenses which are not listed here explicitly.
default = "deny"
# Lint level for licenses which are considered copyleft.
copyleft = "warn"
# Deny source code which does not have a license specified.
unlicensed = "deny"
# List of explicitly allowed licenses from https://spdx.org/licenses
allow = [
"MIT",
"ISC",
"Zlib",
"BSL-1.0",
"CC0-1.0",
"MPL-2.0",
"Apache-2.0",
"BSD-3-Clause",
"Unlicense",
]
# The confidence threshold for detecting a license from license text.
confidence-threshold = 0.95
# Allow specific licenses on a per-crate basis, instead of globally.
[[licenses.exceptions]]
name = "ring"
allow = ["OpenSSL"]
[[licenses.exceptions]]
name = "surreal"
allow = ["BUSL-1.1"]
[[licenses.exceptions]]
name = "surrealdb"
allow = ["BUSL-1.1"]
[[licenses.exceptions]]
name = "surrealdb-core"
allow = ["BUSL-1.1"]
[[licenses.exceptions]]
name = "surrealml-core"
allow = ["Apache-2.0"]
[[licenses.exceptions]]
name = "unicode-ident"
allow = ["Unicode-DFS-2016"]
# Specify overrides for crates where licenses are hard to guess.
[[licenses.clarify]]
name = "surreal"
expression = "BUSL-1.1"
license-files = []
[[licenses.clarify]]
name = "surrealdb"
expression = "BUSL-1.1"
license-files = []
[[licenses.clarify]]
name = "surrealdb-core"
expression = "BUSL-1.1"
license-files = []
[[licenses.clarify]]
name = "surrealml-core"
expression = "Apache-2.0"
license-files = []
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]