forked from eclipse-uprotocol/up-transport-zenoh-rust
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeny.toml
More file actions
63 lines (58 loc) · 2.7 KB
/
Copy pathdeny.toml
File metadata and controls
63 lines (58 loc) · 2.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# ********************************************************************************
# Copyright (c) 2025 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************/
# Config file for cargo deny
# For all options see https://github.com/EmbarkStudios/cargo-deny/blob/main/deny.template.toml
# If you add a license in the following section also consider changing about.toml
[licenses]
allow = [
"Apache-2.0",
"BSD-2-Clause",
"BSD-3-Clause",
# CDLA-Permissive-2.0 is not (yet) on the Eclipse Foundation's list of approved licenses
"CDLA-Permissive-2.0",
"EPL-2.0",
"ISC",
"MIT",
"MPL-2.0",
"OpenSSL",
# Unicode-3.0 is not (yet) on the Eclipse Foundation's list of approved licenses
# however, all of its predecessors are, thus we assume that 3.0 is also ok to use
"Unicode-3.0",
"Zlib",
]
private = { ignore = true }
unused-allowed-license = "allow"
[[licenses.clarify]]
crate = "ring@0.17.13"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0x70ac5d83 }]
[bans]
multiple-versions = "deny"
wildcards = "deny"
skip = [
{ crate = "base64@0.21.7", reason = "an outdated version that is still used by some crates we depend on" },
{ crate = "rustls-webpki@0.102.8", reason = "an outdated version that is still used by zenoh" },
]
skip-tree = [
{ crate = "hashbrown@0.14.5", reason = "an outdated version that is still used by some crates we depend on" },
{ crate = "rand@0.9.1", reason = "a newer version that is used by zenoh-link-quic" },
{ crate = "regex-automata@0.1.10", reason = "an outdated version that is still used by some other crates we depend on" },
{ crate = "rustix@0.38.44", reason = "an outdated version that is still used by the (soon to be renamed) protobuf crate" },
{ crate = "thiserror@1.0.69", reason = "an outdated version that is still used by some other crates we depend on" },
{ crate = "windows-sys", reason = "a foundational crate for many that bumps far too frequently to ever have a shared version" },
]
[advisories]
ignore = [
{ id = "RUSTSEC-2023-0071", reason = "there currently is no version of the rsa crate available that fixes this vulnerability" },
{ id = "RUSTSEC-2024-0436", reason = "there is no better alternative of the crate, and the codebase has been stable for a long time" },
]