T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
909a5d54d2f74e9647d7eca0dc7f9e711628b3d0
wasmtime/deny.toml
Alex Crichton b553d84362 Change how security advisories work on CI (#3461) 
Before this commit we actually have two builders checking for security
advisories on CI, one is `cargo audit` and one is `cargo deny`. The
`cargo deny` builder is slightly different in that it checks a few other
things about our dependency tree such as licenses, duplicates, etc. This
commit removes the advisory check from `cargo deny` on CI and then moves
the `cargo audit` check to a separate workflow.

The `cargo audit` check will now run nightly and will open an issue on
the Wasmtime repository when an advisory is found. This should help make
it such that our CI is never broken by the publication of an advisory
but we're still promptly notified whenever an advisory is made. I've
updated the release process notes to indicate that the open issues
should be double-checked to ensure that there are no open advisories
that we need to take care of.
2021-10-19 10:12:36 -05:00

39 lines
1.1 KiB
TOML
Raw Blame History

# Documentation for this configuration file can be found here
# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "x86_64-apple-darwin" },
{ triple = "x86_64-pc-windows-msvc" },
{ triple = "aarch64-linux-android" },
]
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
allow = [
"Apache-2.0 WITH LLVM-exception",
"Apache-2.0",
"BSD-2-Clause",
"CC0-1.0",
"ISC",
"MIT",
"MPL-2.0",
"Zlib",
]
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
multiple-versions = "deny"
wildcards = "allow"
deny = []
# Skip some multiple-versions checks, until they can be fixed.
skip = [
{ name = "ansi_term" }, # transitive dependencies only
{ name = "env_logger" }, # pretty_env_logger and file-per-thread-logger depend on 0.7
{ name = "humantime" }, # caused by env_logger
{ name = "wast" }, # old one pulled in by witx
{ name = "itertools" }, # 0.9 pulled in by criterion-plot
{ name = "quick-error" }, # transitive dependencies
]
Reference in New Issue View Git Blame Copy Permalink