mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-23 12:09:37 +00:00
56574f2f5b
* Add a cargo deny workflow Also trims out a pointless submodule checkout (we have none). * Remove no longer relevant advisories/allowances * Patch for array-bytes * Remove unused properties * Restore chrono advisory * Allow MPL-2.0, correct GPL-3.0 allowance specification * Properly ban copyleft, run on all crates * Exceptions for Serai crates (AGPL-3.0) * Remove top comments * Clarify reasoning for not checking advisories in CI * Run all checks in CI While this may bring down an unrelated commit, we can manually review, before creating a followup commit allowing it. If it's critical, then this did its job.
73 lines
1.5 KiB
TOML
73 lines
1.5 KiB
TOML
[advisories]
|
|
db-path = "~/.cargo/advisory-db"
|
|
db-urls = ["https://github.com/rustsec/advisory-db"]
|
|
|
|
vulnerability = "deny"
|
|
yanked = "deny"
|
|
notice = "warn"
|
|
unmaintained = "warn"
|
|
|
|
ignore = [
|
|
"RUSTSEC-2020-0071", # https://github.com/chronotope/chrono/issues/602
|
|
]
|
|
|
|
[licenses]
|
|
unlicensed = "deny"
|
|
|
|
allow = [
|
|
# Effective public domain
|
|
"CC0-1.0",
|
|
"Unlicense",
|
|
|
|
# Attribution required
|
|
"MIT",
|
|
"BSD-2-Clause",
|
|
"BSD-3-Clause",
|
|
"ISC",
|
|
"Unicode-DFS-2016",
|
|
"OpenSSL",
|
|
|
|
# Non-invasive copyleft
|
|
"MPL-2.0",
|
|
"Apache-2.0",
|
|
"Apache-2.0 WITH LLVM-exception",
|
|
"GPL-3.0 WITH Classpath-exception-2.0",
|
|
]
|
|
|
|
copyleft = "deny"
|
|
allow-osi-fsf-free = "neither"
|
|
default = "deny"
|
|
|
|
exceptions = [
|
|
{ allow = ["AGPL-3.0"], name = "ethereum-serai" },
|
|
{ allow = ["AGPL-3.0"], name = "serai-processor" },
|
|
|
|
{ allow = ["AGPL-3.0"], name = "serai-extension" },
|
|
{ allow = ["AGPL-3.0"], name = "serai-multisig" },
|
|
|
|
{ allow = ["AGPL-3.0"], name = "serai-runtime" },
|
|
{ allow = ["AGPL-3.0"], name = "serai-consensus" },
|
|
{ allow = ["AGPL-3.0"], name = "serai-node" },
|
|
]
|
|
|
|
[[licenses.clarify]]
|
|
name = "ring"
|
|
version = "*"
|
|
expression = "MIT AND ISC AND OpenSSL"
|
|
license-files = [
|
|
{ path = "LICENSE", hash = 0xbd0eed23 }
|
|
]
|
|
|
|
[bans]
|
|
multiple-versions = "warn"
|
|
wildcards = "warn"
|
|
highlight = "all"
|
|
|
|
[sources]
|
|
unknown-registry = "deny"
|
|
unknown-git = "deny"
|
|
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
|
|
allow-git = [
|
|
"https://github.com/serai-dex/substrate",
|
|
"https://github.com/hack-ink/array-bytes"
|
|
]
|