tensorzero/deny.toml at main · RouterBase/tensorzero · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# cargo-deny

[sources]
allow-git = [
    "https://github.com/hyperium/mime",
    "https://github.com/tensorzero/durable",
]
unknown-git = "deny"

[bans]
deny = [
    { name = "native-tls" },
    { name = "openssl" },
    { name = "openssl-sys" },
    { name = "reqwest-eventsource", reason = "Use reqwest-sse-stream instead" },
    { name = "reqwest_eventsource", reason = "Use reqwest-sse-stream instead" },
    { name = "eventsource-stream", reason = "Use sse-stream instead" }
]
# We have lots of transitive dependencies with multiple versions,
# so this check isn't useful for us.
multiple-versions = "allow"

[advisories]
ignore = [
    "RUSTSEC-2024-0436", # We don't care that 'paste' is unmaintained
]

[licenses]
version = 2
allow = [
    "Unicode-3.0",
    "Apache-2.0",
    "MIT",
    "BSL-1.0",
    "CDLA-Permissive-2.0",
    "ISC",
    "CC0-1.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-3-Clause",
    "Zlib",
    "MIT-0",
    "OpenSSL",
    "BSD-2-Clause",
]

# These are not released and only used for local testing, we don't care about security vulnerabilities in them
[graph]
exclude = ["rate-limit-load-test", "feedback-load-test"]