forked from krustlet/krustlet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
deny.toml
113 lines (94 loc) · 3.17 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
[advisories]
ignore = [
# We are using some deprecated versions to support Windows
"RUSTSEC-2020-0016"
]
[licenses]
confidence-threshold = 1.0
copyleft = "deny"
unlicensed = "deny"
allow-osi-fsf-free = "both"
default = "deny"
# List of explictly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
"LicenseRef-ring",
"LicenseRef-webpki",
"LicenseRef-webpki-roots",
"LicenseRef-krator",
"LicenseRef-krator-derive",
"CC0-1.0",
"BSD-2-Clause",
]
deny = [
"AGPL-3.0",
"WTFPL",
]
[[licenses.clarify]]
name = "ring"
expression = "LicenseRef-ring"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 },
]
[[licenses.clarify]]
name = "webpki"
expression = "LicenseRef-webpki"
license-files = [
{ path = "LICENSE", hash = 0x001c7e6c },
]
# TODO: Remove these once we bump krustlet
[[licenses.clarify]]
name = "krator"
expression = "LicenseRef-krator"
license-files = [
{ path = "LICENSE", hash = 0x62365415 },
]
[[licenses.clarify]]
name = "krator-derive"
expression = "LicenseRef-krator-derive"
license-files = [
{ path = "LICENSE", hash = 0x62365415 },
]
[bans]
skip = [
# Pretty much all of these are for duplicate versions
# Clap is using a lower version, so we can ignore it for now
{ name = "ansi_term", version = "=0.11.0" },
# Currently there is an upper bound on later versions of hyperx that make it impossible to
# resolve dependencies. We need https://github.com/dekellum/hyperx/pull/34 merged in order to
# update the dependencies here
{ name = "base64", version = "=0.10.1" },
{ name = "bytes", version = "=0.4.12" },
{ name = "http", version = "=0.1.21" },
{ name = "percent-encoding", version = "=1.0.1" },
# Old bitflags comes from old dependency needed for Windows
{ name = "bitflags", version = "=0.9.1" },
# Windows testing dep
{ name = "bytes", version = "=0.3.0" },
# Windows dep
{ name = "bytes", version = "=0.5.6" },
# Duplicate deps from kube dependencies
{ name = "pin-project", version = "=0.4.28"},
{ name = "pin-project-internal", version = "=0.4.28"},
# Used by tempfile in our tests
{ name = "remove_dir_all", version = "=0.5.3"},
# We depend on www-authenticate, which depends on these older versions
{ name = "unicase", version = "=1.4.2"},
{ name = "version_check", version = "=0.1.5"},
# There appear to be several wasmtime-wasi dependencies that are out of sync. This skips those
# specific ones
{ name = "wast", version = "=35.0.2" },
]
skip-tree = [
# Skip these windows specific crates that we know are using old versions, which trigger duplicates
{ name = "mio", version = "^0.6" },
{ name = "miow", version = "^0.2" },
{ name = "tokio-compat-02", version = "=0.2.0"},
{ name = "env_logger", version = "=0.4.3"},
{ name = "version-sync", version = "^0.5"},
# Warp uses an older version of rand, we can ignore that version here
{ name = "rand", version = "=0.7.3" },
# Earlier version used by some of the WASI stuff
{ name = "rustc_version", version = "=0.3.3"},
]