@grahamking grahamking commented Jan 27, 2026

And silence cargo-deny warnings about multiple versions of a crate, often nothing we can do about that.

Strangely I only got this warning locally, not in CI.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated GitHub Actions workflow configuration for Rust dependency checks
    • Added LGPL-3.0-only to the list of permitted licenses

And silence cargo-deny warnings about multiple versions of a crate,
often nothing we can do about that.

Signed-off-by: Graham King <grahamk@nvidia.com>
@grahamking grahamking requested a review from a team as a code owner January 27, 2026 22:11
@github-actions github-actions bot added chore ci Issues/PRs that reference CI build/test and removed ci Issues/PRs that reference CI build/test labels Jan 27, 2026
coderabbitai bot commented Jan 27, 2026

Walkthrough

The pull request updates GitHub Actions workflow configuration and dependency license policies. The cargo-deny command adds an error-level log flag, and the deny.toml file permits LGPL-3.0-only licenses in the allow list.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Workflow Configuration: `.github/workflows/pre-merge-rust.yml` | Added `-L error` flag to cargo-deny command to set error-level logging output |
| License Policy Configuration: `deny.toml` | Added "LGPL-3.0-only" to the licenses allow list, expanding permitted open-source licenses |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A little config tweak here and there,
A license added with care,
Cargo-deny speaks with clearer voice,
LGPL joins the rightful choice! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description is incomplete and lacks the required template structure with Overview, Details, Where should reviewer start, and Related Issues sections. | Restructure the description to follow the repository template with proper sections: Overview, Details, Where should the reviewer start, and Related Issues. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: adding 'LGPL-3.0-only' to the allowed licenses list in deny.toml. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@deny.toml`:
- Line 38: The repo currently lists "LGPL-3.0-only" in deny.toml; obtain
explicit legal sign‑off for permitting LGPL‑3.0‑only distribution and then
document that approval and required compliance steps: (1) add the approver,
date, and scope of approval to the repo’s license policy (e.g., LICENSES.md or a
LICENSE_APPROVALS file), (2) enumerate required obligations for consumers
(relinkable object rules, static vs dynamic linking guidance, source/notice
obligations) and any build/packaging checklist, (3) update deny.toml or the
license policy to reflect the approved status of "LGPL-3.0-only" and link to the
approval record, and (4) adjust any CI/license-checker config to accept the
license only when the approval entry is present.
🧹 Nitpick comments (1)
.github/workflows/pre-merge-rust.yml (1)

78-78: Avoid suppressing all cargo‑deny warnings; use config-based allow instead.

The -L error flag suppresses all WARN-level logs, including legitimate cargo-deny warnings. Use the configuration file to explicitly allow multiple versions so other warnings remain visible.

♻️ Suggested adjustment
-        cargo-deny -L error --no-default-features check --hide-inclusion-graph licenses bans --config ${{ github.workspace }}/deny.toml
+        cargo-deny --no-default-features check --hide-inclusion-graph licenses bans --config ${{ github.workspace }}/deny.toml
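Review bot: The `+` line drops `-L error`, but nothing in this workflow file keeps the check quiet about duplicate crate versions afterwards; that depends entirely on the `[bans]` setting in the deny.toml passed via `--config ${{ github.workspace }}/deny.toml`. Land the two edits in the same commit, otherwise the warnings this PR set out to silence come back in the CI log.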
 [bans]
+multiple-versions = "allow"
 deny = [
 	# Ensure we don't depend on openssl
     { name = "native-tls" },
     { name = "openssl-sys" },
 ]
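Review bot: `multiple-versions = "allow"` goes in without a comment, while the `deny` list directly below it explains itself with `# Ensure we don't depend on openssl`. Add a one-line comment above the new key recording why duplicate versions are tolerated (the PR description's reason: often nothing can be done about them), so the setting is not read later as an oversight. The existing comment line in this hunk is also indented with a tab where the entries use spaces, which is worth normalizing while the block is being touched.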

Signed-off-by: Graham King <grahamk@nvidia.com>
@github-actions github-actions bot added the ci Issues/PRs that reference CI build/test label Jan 27, 2026
@grahamking grahamking enabled auto-merge (squash) January 27, 2026 23:34