# Cargo-deny configuration for wassette
# Documentation: https://embarkstudios.github.io/cargo-deny/
# Advisory database configuration
[advisories]
# Advisories listed here are suppressed, so they no longer fail the check.
# Every entry carries an id and a reason; all three reasons below describe an
# "unmaintained" notice.
# NOTE(review): "safe" in these reasons is a judgement made when the entry was
# added and cannot be verified from this file. An unmaintained crate will not
# receive fixes for issues found later, so re-check each entry when the
# dependency tree changes and remove it once the crate is no longer pulled in.
ignore = [
# paste: unmaintained. The reason gives no dependency path, so the crate that
# pulls it in is not recorded here.
{ id = "RUSTSEC-2024-0436", reason = "paste crate is unmaintained but still widely used and safe" },
# rustls-pemfile: unmaintained, pulled in transitively by testcontainers -> bollard.
# Migration to rustls-pki-types is recommended but depends on upstream updates;
# drop this entry once upstream has moved.
{ id = "RUSTSEC-2025-0134", reason = "rustls-pemfile is transitively required by testcontainers and still safe despite being unmaintained" },
# fxhash: unmaintained, pulled in transitively by wasmtime.
{ id = "RUSTSEC-2025-0057", reason = "fxhash is transitively required by wasmtime and still safe despite being unmaintained" },
]
# License checking configuration
[licenses]
# Licenses accepted for dependencies. This is an explicit allow-list: only the
# SPDX expressions named here are accepted by this configuration.
# NOTE(review): the list was described as "OSI approved and commonly used".
# Confirm that every entry (for example "OpenSSL") really is OSI-approved, or
# treat the list simply as the set of licenses the project has accepted.
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"MPL-2.0",
"OpenSSL",
"Zlib",
"Unicode-3.0",
"CDLA-Permissive-2.0",
]
# Minimum confidence (0.0 to 1.0) required when a license is identified from
# license text. Lowering it makes misidentifying a license more likely.
confidence-threshold = 0.8
# Dependency bans configuration
[bans]
# Duplicate versions of the same crate are reported as warnings and do not
# fail the check (common in large dependency graphs).
multiple-versions = "warn"
# Wildcard ("*") version requirements are accepted.
# NOTE(review): a wildcard requirement lets any published version satisfy the
# dependency, so the resolved version is held only by Cargo.lock. If the
# wildcards are needed only for workspace path dependencies, consider
# wildcards = "deny" together with allow-wildcard-paths = true. Confirm against
# the workspace manifests first.
wildcards = "allow"
# Source checking configuration
[sources]
# Only the crates.io index is an accepted registry. Crates from any other
# registry are rejected, so a dependency cannot be sourced from an unvetted
# location without a visible change to this file.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
unknown-registry = "deny"
# No allow-git list is set in this section, so every git dependency counts as
# unknown and is rejected.
unknown-git = "deny"