Diffstat (limited to 'test')
-rw-r--r--test/deny.toml52
1 files changed, 23 insertions, 29 deletions
diff --git a/test/deny.toml b/test/deny.toml
index 319d82177a..e792575b77 100644
--- a/test/deny.toml
+++ b/test/deny.toml
@@ -1,18 +1,25 @@
+[graph]
+# cargo deny will only evaluate dependencies pulled in by these
+# targets (the ones we run the test runner on)
+targets = [
+ { triple = "x86_64-unknown-linux-gnu" },
+ { triple = "x86_64-pc-windows-gnu" },
+ { triple = "x86_64-apple-darwin" },
+ { triple = "aarch64-apple-darwin" }
+]
+
+
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
version = 2 # https://github.com/EmbarkStudios/cargo-deny/pull/611
-db-path = "~/.cargo/advisory-db"
-db-urls = ["https://github.com/rustsec/advisory-db"]
-
+yanked = "deny"
ignore = [
# Ignored audit issues. This list should be kept short, and effort should be
# put into removing items from the list.
]
-#severity-threshold =
-
# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
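Review bot: Removing `db-urls` from `[advisories]` leaves the advisory database source at whatever cargo-deny ships as its default, so the file no longer states which database the check trusts. The same applies to `confidence-threshold` in the `[licenses]` hunk and to `allow-registry` in the `[sources]` hunk, where `unknown-registry = "deny"` now relies on the built-in allow-list. If the defaults are intended, a short comment would record that, e.g. `# db-urls left at the cargo-deny default (https://github.com/rustsec/advisory-db)`, which is the value this commit removes. The added `yanked = "deny"` would also benefit from a one-line comment saying that a yanked crate version in the dependency graph now fails the check.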
@@ -20,27 +27,22 @@ ignore = [
[licenses]
version = 2 # https://github.com/EmbarkStudios/cargo-deny/pull/611
-# Adding a license here has to be done carefully. Should not be changed
-# by individual developers.
+# Adding a license here has to be done carefully. Should only be done by team leads.
allow = [
"GPL-3.0",
"Apache-2.0",
"MIT",
+ "MPL-2.0",
"WTFPL",
"ISC",
"BSD-3-Clause",
"BSD-2-Clause",
"CC0-1.0",
- "MPL-2.0",
# https://github.com/briansmith/ring/issues/902
"LicenseRef-ring",
"Unicode-DFS-2016"
]
-confidence-threshold = 0.8
-
-exceptions = []
-
[[licenses.clarify]]
name = "ring"
expression = "LicenseRef-ring"
@@ -50,7 +52,6 @@ license-files = [
[licenses.private]
ignore = false
-registries = []
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
@@ -64,12 +65,9 @@ allow = []
deny = [
{ name = "clap", version = "2" },
{ name = "clap", version = "3" },
- # `atty` is an unmaintained crate with a CVE: RUSTSEC-2021-0145
- { name = "atty" },
{ name = "time", version = "0.1"},
]
-skip = []
-skip-tree = []
+
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
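Review bot: With `{ name = "atty" }` gone from `deny`, the bans check no longer rejects `atty` by itself. It is now caught only if the advisories check reports RUSTSEC-2021-0145 and that ID is never added to `ignore`. If that is the intent, say so beside the list, e.g. `# atty (RUSTSEC-2021-0145) is rejected by the advisories check, so it is not banned here`. If `atty` has simply left the dependency tree, keeping the ban costs nothing and stops it from coming back through a transitive dependency. The `[bans]` header sits outside this hunk.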
@@ -77,20 +75,16 @@ skip-tree = []
[sources]
unknown-registry = "deny"
unknown-git = "deny"
-allow-registry = ["https://github.com/rust-lang/crates.io-index"]
-# If we need to temporarily depend on a git repository in our Rust dependency tree,
-# it has to be added here. We should try to keep this list minimal. Having git
-# dependencies is not recommended.
+
+# We should never depend on git repositories outside our own github organization.
+# We can't say anything about their availability. They might go away at any point
+# in time. Instead of using third party git repositories, always fork the repository
+# into our github organization and depend on that.
+#
+# But if possible, always avoid git dependencies and try to have the developers publish
+# releases to crates.io instead.
allow-git = []
[sources.allow-org]
# 1 or more github.com organizations to allow git sources for
github = ["mullvad"]
-
-[graph]
-targets = [
- { triple = "x86_64-unknown-linux-gnu" },
- { triple = "x86_64-pc-windows-gnu" },
- { triple = "x86_64-apple-darwin" },
- { triple = "aarch64-apple-darwin" }
-]