forked from pola-rs/polars
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeny.toml
More file actions
67 lines (60 loc) · 2.21 KB
/
Copy pathdeny.toml
File metadata and controls
67 lines (60 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
[advisories]
yanked = "deny"
ignore = [
# THESE ISSUES ARE ALLOW-LISTED HERE TO SILENCE THE CI TEMPORARILY
# THESE ISSUES NEED TO BE FIXED
# error[vulnerability]: AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN
"RUSTSEC-2026-0044",
# error[vulnerability]: Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
"RUSTSEC-2026-0045",
# error[vulnerability]: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
"RUSTSEC-2026-0046",
# error[vulnerability]: PKCS7_verify Signature Validation Bypass in AWS-LC
"RUSTSEC-2026-0047",
# error[vulnerability]: CRL Distribution Point Scope Check Logic Error in AWS-LC
"RUSTSEC-2026-0048",
# error[unmaintained]: Bincode is unmaintained
"RUSTSEC-2025-0141",
# error[vulnerability]: Quadratic run time when checking a start tag for duplicate attribute names in quick-xml
"RUSTSEC-2026-0194",
# error[vulnerability]: Unbounded namespace-declaration allocation in `NsReader` enables memory-exhaustion denial of service in quick-xml
"RUSTSEC-2026-0195",
]
[licenses]
allow = [
# Permissive, most common
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"MIT",
# Unicode data / text processing
"Unicode-3.0",
# Public domain / no-rights-reserved
"CC0-1.0",
# Other permissive / widely-used
"BSL-1.0",
"OpenSSL",
"Zlib",
]
[bans]
# Multiple versions of the same crate are allowed
multiple-versions = "allow"
# Wildcard dependency versions (`*`) are never acceptable, except for local path
# dependencies (workspace-internal crates that have no registry version)
wildcards = "deny"
allow-wildcard-paths = true
[sources]
# Reject crates from registries we have not explicitly approved
unknown-registry = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# Reject git dependencies unless they come from an approved repository.
# required = false suppresses the "unmatched-source" warning in workspaces that
# don't use a given patch (these patches are only active in compute-plane).
unknown-git = "deny"
allow-git = [
"https://github.com/kdn36/arrow-rs-object-store",
"https://github.com/pola-rs/jemallocator",
]