forked from MaterializeInc/materialize
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeny.toml
85 lines (76 loc) · 2.82 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
[advisories]
ignore = [
# See: https://github.com/MaterializeInc/materialize/issues/6244
#
# The "vulnerability" here is just a DoS via excessive CPU and memory usage
# on large inputs, which is not a concern for our threat model.
"RUSTSEC-2021-0041"
]
[bans]
multiple-versions = "deny"
skip = [
# Do not add to this list without good reason! Duplicate dependencies slow
# down compilation and bloat the binary.
# Waiting for clap to upgrade to v0.12.
{ name = "ansi_term", version = "0.11.0" },
# Waiting for clap to upgrade to v0.10.
{ name = "strsim", version = "0.8.0" },
# Waiting on:
# - Upgrade to rand v0.8.
{ name = "cfg-if", version = "0.1.0" },
# Waiting on phf to upgrade to rand v0.8.
{ name = "getrandom", version = "0.1" },
{ name = "rand", version = "0.7.3" },
{ name = "rand_chacha", version = "0.2.2" },
{ name = "rand_core", version = "0.5.1" },
{ name = "rand_hc", version = "0.2.0" },
{ name = "wasi", version = "0.10.0+wasi-snapshot-preview1" },
# Introduced by mysql_async (need time 0.3.0 to remove stdweb dependency)
# = semver-parser v0.7.0
# └── semver v0.9.0
# └── rustc_version v0.2.3
# └── (build) stdweb v0.4.20
# └── time v0.2.26
# └── mysql_common v0.26.0
# └── mysql_async v0.27.1
# └── debezium-mysql-gen v0.0.0
{ name = "semver", version = "0.9.0"},
{ name = "semver-parser", version = "0.7.0"},
{ name = "rustc_version", version = "0.3.0"},
# Waiting on parse_duration.
{ name = "num-bigint", version = "0.2.6" },
# Waiting on https://github.com/hyperium/headers/pull/83.
{ name = "time", version = "0.1.44" },
]
deny = [
# Strum has suspect code quality and includes many unneeded features. Use
# more targeted enum macro crates, e.g. `enum-kinds`.
{ name = "strum" },
{ name = "strum-macros" },
]
[licenses]
allow = [
"Apache-2.0",
"CC0-1.0",
"BSD-2-Clause",
"BSD-3-Clause",
"ICU",
"ISC",
"MIT",
]
private = { ignore = true }
[sources]
unknown-git = "deny"
unknown-registry = "deny"
allow-git = [
"https://github.com/MaterializeInc/pubnub-rust.git",
# Until https://github.com/sfackler/rust-postgres/pull/752 is merged and released
"https://github.com/MaterializeInc/rust-postgres.git",
"https://github.com/MaterializeInc/rust-postgres-array.git",
"https://github.com/MaterializeInc/rust-prometheus.git",
"https://github.com/MaterializeInc/serde-protobuf.git",
"https://github.com/TimelyDataflow/timely-dataflow",
"https://github.com/TimelyDataflow/differential-dataflow.git",
"https://github.com/fede1024/rust-rdkafka.git",
"https://github.com/rusoto/rusoto.git"
]