Merge pull request #4663 from driftluo/remove-deny-with-sqlx
chore: remove deny with sqlx
Showing
8 changed files
with
445 additions
and
257 deletions.
|
@@ -23,13 +23,13 @@ | |
# dependencies not shared by any other crates, would be ignored, as the target | ||
# list here is effectively saying which targets you are building for. | ||
targets = [ | ||
# The triple can be any string, but only the target triples built in to | ||
# rustc (as of 1.40) can be checked against actual config expressions | ||
#"x86_64-unknown-linux-musl", | ||
# You can also specify which target_features you promise are enabled for a | ||
# particular target. target_features are currently not validated against | ||
# the actual valid features supported by the target architecture. | ||
#{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, | ||
# The triple can be any string, but only the target triples built in to | ||
# rustc (as of 1.40) can be checked against actual config expressions | ||
#"x86_64-unknown-linux-musl", | ||
# You can also specify which target_features you promise are enabled for a | ||
# particular target. target_features are currently not validated against | ||
# the actual valid features supported by the target architecture. | ||
#{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, | ||
] | ||
# When creating the dependency graph used as the source of truth when checks are | ||
# executed, this field can be used to prune crates from the graph, removing them | ||
|
@@ -70,23 +70,13 @@ feature-depth = 1 | |
# A list of advisory IDs to ignore. Note that ignored advisories will still | ||
# output a note when they are encountered. | ||
ignore = [ | ||
# https://rustsec.org/advisories/RUSTSEC-2024-0363 | ||
# https://github.com/launchbadge/sqlx/issues/3440 | ||
# The queries for the rich indexer receive input parameters via RPC, and the data size is far less than 4GB, so this issue can be temporarily ignored while waiting for sqlx to be fixed. | ||
"RUSTSEC-2024-0363", | ||
# https://rustsec.org/advisories/RUSTSEC-2022-0090 | ||
# It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's `printf` function. | ||
"RUSTSEC-2022-0090", | ||
# https://rustsec.org/advisories/RUSTSEC-2024-0336 | ||
# `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input | ||
"RUSTSEC-2024-0336", | ||
# Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370 | ||
# proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. | ||
"RUSTSEC-2024-0370" | ||
#"RUSTSEC-0000-0000", | ||
#{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, | ||
#"[email protected]", # you can also ignore yanked crate versions if you wish | ||
#{ crate = "[email protected]", reason = "you can specify why you are ignoring the yanked crate" }, | ||
# Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370 | ||
# proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. | ||
"RUSTSEC-2024-0370", | ||
#"RUSTSEC-0000-0000", | ||
#{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, | ||
#"[email protected]", # you can also ignore yanked crate versions if you wish | ||
#{ crate = "[email protected]", reason = "you can specify why you are ignoring the yanked crate" }, | ||
] | ||
# If this is true, then cargo deny will use the git executable to fetch advisory database. | ||
# If this is false, then it uses a built-in git library. | ||
|
@@ -102,16 +92,16 @@ ignore = [ | |
# See https://spdx.org/licenses/ for list of possible licenses | ||
# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. | ||
allow = [ | ||
"MIT", | ||
"Apache-2.0", | ||
"MPL-2.0", | ||
"BSL-1.0", | ||
"BSD-3-Clause", | ||
"ISC", | ||
"CC0-1.0", | ||
"Unicode-DFS-2016", | ||
"OpenSSL" | ||
#"Apache-2.0 WITH LLVM-exception", | ||
"MIT", | ||
"Apache-2.0", | ||
"MPL-2.0", | ||
"BSL-1.0", | ||
"BSD-3-Clause", | ||
"ISC", | ||
"CC0-1.0", | ||
"Unicode-DFS-2016", | ||
"OpenSSL", | ||
#"Apache-2.0 WITH LLVM-exception", | ||
] | ||
# The confidence threshold for detecting a license from license text. | ||
# The higher the value, the more closely the license text must be to the | ||
|
@@ -121,9 +111,9 @@ confidence-threshold = 0.8 | |
# Allow 1 or more licenses on a per-crate basis, so that particular licenses | ||
# aren't accepted for every possible crate as with the normal allow list | ||
exceptions = [ | ||
# Each entry is the crate and version constraint, and its specific allow | ||
# list | ||
# { allow = ["Zlib"], crate = "adler32" }, | ||
# Each entry is the crate and version constraint, and its specific allow | ||
# list | ||
# { allow = ["Zlib"], crate = "adler32" }, | ||
] | ||
|
||
# Some crates don't have (easily) machine readable licensing information, | ||
|
@@ -140,8 +130,8 @@ expression = "MIT AND ISC AND OpenSSL" | |
# and the crate will be checked normally, which may produce warnings or errors | ||
# depending on the rest of your configuration | ||
license-files = [ | ||
# Each entry is a crate relative path, and the (opaque) hash of its contents | ||
{ path = "LICENSE", hash = 0xbd0eed23 } | ||
# Each entry is a crate relative path, and the (opaque) hash of its contents | ||
{ path = "LICENSE", hash = 0xbd0eed23 }, | ||
] | ||
|
||
[licenses.private] | ||
|
@@ -154,7 +144,7 @@ ignore = true | |
# is only published to private registries, and ignore is true, the crate will | ||
# not have its license(s) checked | ||
registries = [ | ||
#"https://sekretz.com/registry | ||
#"https://sekretz.com/registry | ||
] | ||
|
||
# This section is considered when running `cargo deny check bans`. | ||
|
@@ -181,16 +171,16 @@ workspace-default-features = "allow" | |
external-default-features = "allow" | ||
# List of crates that are allowed. Use with care! | ||
allow = [ | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason it is allowed" }, | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason it is allowed" }, | ||
] | ||
# List of crates to deny | ||
deny = [ | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason it is banned" }, | ||
# Wrapper crates can optionally be specified to allow the crate when it | ||
# is a direct dependency of the otherwise banned crate | ||
#{ crate = "[email protected]", wrappers = ["this-crate-directly-depends-on-ansi_term"] }, | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason it is banned" }, | ||
# Wrapper crates can optionally be specified to allow the crate when it | ||
# is a direct dependency of the otherwise banned crate | ||
#{ crate = "[email protected]", wrappers = ["this-crate-directly-depends-on-ansi_term"] }, | ||
] | ||
|
||
# List of features to allow/deny | ||
|
@@ -218,16 +208,16 @@ deny = [ | |
|
||
# Certain crates/versions that will be skipped when doing duplicate detection. | ||
skip = [ | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason why it can't be updated/removed" }, | ||
#"[email protected]", | ||
#{ crate = "[email protected]", reason = "you can specify a reason why it can't be updated/removed" }, | ||
] | ||
# Similarly to `skip` allows you to skip certain crates during duplicate | ||
# detection. Unlike skip, it also includes the entire tree of transitive | ||
# dependencies starting at the specified crate, up to a certain depth, which is | ||
# by default infinite. | ||
skip-tree = [ | ||
#"[email protected]", # will be skipped along with _all_ of its direct and transitive dependencies | ||
#{ crate = "[email protected]", depth = 20 }, | ||
#"[email protected]", # will be skipped along with _all_ of its direct and transitive dependencies | ||
#{ crate = "[email protected]", depth = 20 }, | ||
] | ||
|
||
# This section is considered when running `cargo deny check sources`. | ||
|
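Review bot: The one advisory still suppressed in the `ignore` list (hunk `@@ -70,23 +70,13 @@`), `"RUSTSEC-2024-0370"`, is kept as a bare string, and its comment describes the advisory but not why ignoring it is acceptable here or when it should be revisited. The commented template directly below it shows the table form, so the entry could be `{ id = "RUSTSEC-2024-0370", reason = "proc-macro-error is unmaintained; <why acceptable here / tracking issue>" }`, which keeps the justification attached to the entry itself rather than to a comment that can drift from it. Separately, dropping RUSTSEC-2024-0363, RUSTSEC-2022-0090 and RUSTSEC-2024-0336 is only safe if the lockfile no longer resolves to affected versions. The other changed files are not rendered on this page, so that should be confirmed by running `cargo deny check advisories` on the merged tree. The remaining hunks in this file appear to change only indentation and trailing commas.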