allow RUSTSEC-2023-0086

unavi-xyz · Sep 18, 2024 · 47a22c6 · 47a22c6
1 parent 3f752d0
commit 47a22c6
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 35 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,9 +1,6 @@
 [workspace]
 resolver = "2"
-members = [
-  "crates/*",
-  "wasm/*",
-]
+members = ["crates/*", "wasm/*"]
 
 [workspace.package]
 version = "0.0.6"
@@ -40,7 +37,7 @@ serde = { version = "1.0.197", features = ["derive"] }
 serde_json = "1.0.115"
 surrealdb = { version = "1.5.5", default-features = false }
 thiserror = "1.0.61"
-tokio = { version = "1.40.0", features = ["macros", "rt", "time"]}
+tokio = { version = "1.40.0", features = ["macros", "rt", "time"] }
 tracing = "0.1.40"
 tracing-test = "0.2.4"
 wasm-bindgen = "=0.2.92"

diff --git a/deny.toml b/deny.toml
@@ -10,28 +10,40 @@ targets = [
 [licenses]
 version = 2
 allow = [
-    "Apache-2.0 WITH LLVM-exception",
-    "Apache-2.0",
-    "BSD-2-Clause",
-    "BSD-3-Clause",
-    "BSL-1.0",
-    "CC0-1.0",
-    "ISC",
-    "MIT",
-    "MIT-0",
-    "MPL-2.0",
-    "Unlicense",
-    "Zlib",
-]
-exceptions = [
-    { allow = ["BUSL-1.1"], crate = "surrealdb" },
-    { allow = ["BUSL-1.1"], crate = "surrealdb-core" },
-    { allow = ["OpenSSL"], crate = "ring" },
-    { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
-    { allow = ["W3C-20150513", "CC-BY-SA-3.0"], crate = "ssi-contexts" },
+  "Apache-2.0 WITH LLVM-exception",
+  "Apache-2.0",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "BSL-1.0",
+  "CC0-1.0",
+  "ISC",
+  "MIT",
+  "MIT-0",
+  "MPL-2.0",
+  "Unlicense",
+  "Zlib",
 ]
 
-# Sigh
+[[exceptions]]
+allow = ["BUSL-1.1"]
+crate = "surrealdb"
+
+[[exceptions]]
+allow = ["BUSL-1.1"]
+crate = "surrealdb-core"
+
+[[exceptions]]
+allow = ["OpenSSL"]
+crate = "ring"
+
+[[exceptions]]
+allow = ["Unicode-DFS-2016"]
+crate = "unicode-ident"
+
+[[exceptions]]
+allow = ["W3C-20150513", "CC-BY-SA-3.0"]
+crate = "ssi-contexts"
+
 [[licenses.clarify]]
 crate = "ring"
 # SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
@@ -47,25 +59,26 @@ license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 [advisories]
 version = 2
 ignore = [
-	"RUSTSEC-2023-0055", # lexical json number parsing
-	"RUSTSEC-2023-0071", # rsa sidechannel
-	"RUSTSEC-2024-0358", # object_store AWS
-	"RUSTSEC-2024-0370", # proc-macro-error unmaintained
+  "RUSTSEC-2023-0055", # lexical json number parsing
+  "RUSTSEC-2023-0071", # rsa sidechannel
+  "RUSTSEC-2024-0358", # object_store AWS
+  "RUSTSEC-2024-0370", # proc-macro-error unmaintained
+  "RUSTSEC-2023-0086", # lexical-core soundness issues
 ]
 
 [bans]
 multiple-versions = "warn"
 deny = [
-	{ name = "bevy", deny-multiple-versions = true },
-	{ name = "tokio", deny-multiple-versions = true },
+  { name = "bevy", deny-multiple-versions = true },
+  { name = "tokio", deny-multiple-versions = true },
 ]
 
-  [sources]
+[sources]
 unknown-registry = "deny"
 unknown-git = "deny"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
 allow-git = [
-	"https://github.com/kayhhh/wasm-bridge",
-	"https://github.com/kayhhh/xwt",
-	"https://github.com/unavi-xyz/bevy_vrm",
+  "https://github.com/kayhhh/wasm-bridge",
+  "https://github.com/kayhhh/xwt",
+  "https://github.com/unavi-xyz/bevy_vrm",
 ]