lock the cargo deny version

sprintertech · Aug 26, 2024 · 725f47d · 725f47d
1 parent bf86e28
commit 725f47d
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -50,7 +50,7 @@ jobs:
           submodules: "true"
       - uses: ./.github/actions/install_toolchain
       - name: Install cargo deny
-        run: cargo install --locked cargo-deny
+        run: cargo install --locked cargo-deny --version 0.14.24
       - name: Run cargo deny checks for pallets
         run: cargo-deny check licenses
 

diff --git a/deny.toml b/deny.toml
@@ -68,8 +68,16 @@ feature-depth = 1
 db-path = "~/.cargo/advisory-db"
 # The url(s) of the advisory databases to use
 db-urls = ["https://github.com/rustsec/advisory-db"]
+# The lint level for security vulnerabilities
+vulnerability = "deny"
+# The lint level for unmaintained crates
+unmaintained = "warn"
 # The lint level for crates that have been yanked from their source registry
 yanked = "warn"
+# The lint level for crates with security notices. Note that as of
+# 2019-12-17 there are no security notice advisories in
+# https://github.com/rustsec/advisory-db
+notice = "warn"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
@@ -95,6 +103,8 @@ ignore = [
 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
 [licenses]
+# The lint level for crates which do not have a detectable license
+unlicensed = "deny"
 # List of explicitly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
@@ -110,9 +120,26 @@ allow = [
     "CC0-1.0",
     "BSD-2-Clause",
     "Apache-2.0 WITH LLVM-exception",
-    "Zlib",
-    "MPL-2.0"
+    "Zlib"
 ]
+# List of explicitly disallowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
+deny = []
+# Lint level for licenses considered copyleft
+copyleft = "warn"
+# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
+# * both - The license will be approved if it is both OSI-approved *AND* FSF
+# * either - The license will be approved if it is either OSI-approved *OR* FSF
+# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
+# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
+# * neither - This predicate is ignored and the default lint level is used
+allow-osi-fsf-free = "neither"
+# Lint level used when no other predicates are matched
+# 1. License isn't in the allow or deny lists
+# 2. License isn't copyleft
+# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
+default = "deny"
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.
@@ -252,4 +279,4 @@ github = [""]
 # 1 or more gitlab.com organizations to allow git sources for
 gitlab = [""]
 # 1 or more bitbucket.org organizations to allow git sources for
-bitbucket = [""]
+bitbucket = [""]