mirror of
https://github.com/bevyengine/bevy
synced 2024-11-10 07:04:33 +00:00
177f2fbf9a
https://github.com/EmbarkStudios/cargo-deny cargo-deny is a tool that can issue errors for dependency issues, among other: * security issues in a crate * duplicated dependencies with different versions * unauthorised license Added cargo-deny with an opinionated configuration: * No middle ground with warnings, either allow or deny * Not added to Bors, we probably don't want to block a PR on something that may happen from outside * Different github workflow than CI to run only when Cargo.toml files are changed, or on a schedule * Each check in its own job to help readability * Initial config makes Bevy pass all check Pushing a first commit with commented config to show errors
66 lines
2 KiB
TOML
66 lines
2 KiB
TOML
[advisories]
|
|
db-path = "~/.cargo/advisory-db"
|
|
db-urls = ["https://github.com/rustsec/advisory-db"]
|
|
vulnerability = "deny"
|
|
unmaintained = "deny"
|
|
yanked = "deny"
|
|
notice = "deny"
|
|
ignore = [
|
|
"RUSTSEC-2020-0016", # net2 deprecated - https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091
|
|
"RUSTSEC-2020-0056", # stdweb unmaintained - https://github.com/koute/stdweb/issues/403
|
|
"RUSTSEC-2021-0047", # security issue - https://github.com/gnzlbg/slice_deque/issues/90
|
|
]
|
|
|
|
[licenses]
|
|
unlicensed = "deny"
|
|
copyleft = "deny"
|
|
allow = [
|
|
"MIT",
|
|
"Apache-2.0",
|
|
"BSD-3-Clause",
|
|
"ISC",
|
|
"Zlib",
|
|
"0BSD",
|
|
"BSD-2-Clause",
|
|
"CC0-1.0",
|
|
"MPL-2.0",
|
|
]
|
|
default = "deny"
|
|
|
|
[[licenses.clarify]]
|
|
name = "stretch"
|
|
expression = "MIT"
|
|
license-files = []
|
|
|
|
[bans]
|
|
multiple-versions = "deny"
|
|
wildcards = "deny"
|
|
highlight = "all"
|
|
# Certain crates/versions that will be skipped when doing duplicate detection.
|
|
skip = [
|
|
{ name = "ahash", version = "0.4" },
|
|
{ name = "android_log-sys", version = "0.1" },
|
|
{ name = "cfg-if", version = "0.1" }, # https://github.com/rustwasm/console_error_panic_hook/pull/18
|
|
{ name = "core-foundation", version = "0.6" },
|
|
{ name = "core-foundation", version = "0.7" },
|
|
{ name = "core-foundation-sys", version = "0.6" },
|
|
{ name = "core-foundation-sys", version = "0.7" },
|
|
{ name = "core-graphics", version = "0.19" },
|
|
{ name = "fixedbitset", version = "0.2" },
|
|
{ name = "libm", version = "0.1" },
|
|
{ name = "mach", version = "0.2" },
|
|
{ name = "mio", version = "0.6" },
|
|
{ name = "miow", version = "0.2" },
|
|
{ name = "ndk", version = "0.2" },
|
|
{ name = "ndk-glue", version = "0.2" },
|
|
{ name = "num_enum", version = "0.4" },
|
|
{ name = "num_enum_derive", version = "0.4" },
|
|
{ name = "stdweb", version = "0.1" },
|
|
{ name = "winapi", version = "0.2" },
|
|
]
|
|
|
|
[sources]
|
|
unknown-registry = "deny"
|
|
unknown-git = "deny"
|
|
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
|
|
allow-git = []
|