Commit
Showing 7 changed files with 172 additions and 81 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -249,80 +249,9 @@ ignore = ["RUSTSEC-2019-0001"] | |
|
||
##### `advisories.ignore[N] (as Yanked).crate` | ||
|
||
**Type:** `string`<br> | ||
**Type:** [`PackageSpec`](/checks2/type-index.html#packagespec) `(string)`<br> | ||
**Required:** `yes` | ||
|
||
Many configuration options require a package specifier at a minimum, which we'll describe here. | ||
The options that use package specifiers will be called out in their individual documentation. | ||
We'll use the [`bans.deny`](bans/cfg.md#the-deny-field-optional) option in the following examples. | ||
|
||
### String format | ||
|
||
If the particular only requires a package spec at a minimum, then the string format can be used, | ||
which comes in three forms. | ||
|
||
#### Simple | ||
|
||
```toml | ||
# Will match any version of the simple crate | ||
deny = ["simple"] | ||
``` | ||
|
||
The simplest string is one which is just the crate name. In this case, the version requirement | ||
used when checking will be `*` meaning it will match against all versions of that crate in the graph. | ||
|
||
#### With Version Requirements | ||
|
||
```toml | ||
# Will match only these versions of the simple crate that match the predicate(s) | ||
deny = ["simple:<=0.1,>0.2"] | ||
``` | ||
|
||
If you want to apply version requirements (predicates) to the crate, simply append them following | ||
a `:` separator. | ||
|
||
#### Exact | ||
|
||
```toml | ||
# Will match only this exact version of the simple crate | ||
deny = [ | ||
"[email protected]", | ||
# This is semantically equivalent to the above | ||
"simple:=0.1.0", | ||
] | ||
``` | ||
|
||
The exact form is a specialization of the version requirements, where the semver after the `@` | ||
is transformed to be [= (Exact)](https://docs.rs/semver/latest/semver/enum.Op.html#opexact). | ||
|
||
### Table format | ||
|
||
#### Crate format | ||
|
||
```toml | ||
deny = [ | ||
{ crate = "[email protected]" }, # equivalent to "[email protected]" | ||
{ crate = "simple", wrappers = ["example"] }, | ||
] | ||
``` | ||
|
||
The crate format is a replacement for the old `name` and/or `version` table format. It uses | ||
the string format described above in a single `crate` key. | ||
|
||
#### Old format | ||
|
||
```toml | ||
deny = [ | ||
{ name = "simple" }, | ||
{ name = "simple", version = "*" } | ||
{ name = "simple", wrappers = ["example"] } | ||
] | ||
``` | ||
|
||
The old format uses a required `name` key and an optional `version` key. This format is deprecated | ||
and should not be used. | ||
|
||
|
||
##### `advisories.ignore[N] (as Yanked).reason` | ||
|
||
**Type:** [`IgnoreReason`](/checks2/type-index.html#ignorereason) `(string)`<br> | ||
|
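Review bot: on the new Type line for `advisories.ignore[N] (as Yanked).crate`, the link `/checks2/type-index.html#packagespec` is root-absolute, so if the book is served under a sub-path (the `bans.allow` text in this commit links to `https://embarkstudios.github.io/cargo-deny/...`) it resolves outside the book; a relative link would be safer. With the inlined package-spec text removed, the field is also left with only Type and Required and no sentence saying what the spec selects, so a one-line description would keep this entry readable without following the link.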
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,24 @@ | ||
# config | ||
# `bans` | ||
|
||
**Type:** `object`<br> | ||
**Required:** `no` | ||
|
||
Checks for specific crates in your graph, as well as duplicates. | ||
|
||
This section is considered when running `cargo deny check bans`. | ||
|
||
|
||
## `bans.allow` | ||
|
||
**Type:** `array`<br> | ||
**Required:** `no` | ||
|
||
Determines specific crates that are allowed. If the `allow` list has one or more entries, then | ||
any crate not in that list will be denied, so use with care. Each entry uses the same | ||
[PackageSpec](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#package-spec) | ||
as other parts of cargo-deny's configuration. | ||
|
||
|
||
### Items | ||
|
||
**Type:** [`PackageSpec`](/checks2/type-index.html#packagespec) `(string)` |
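Review bot: the `bans.allow` section points at two different targets for the same type: the description links to `https://embarkstudios.github.io/cargo-deny/checks/cfg.html#package-spec`, while Items links to `/checks2/type-index.html#packagespec`. Use one target for both so the hard-coded URL cannot go stale. Since a non-empty `allow` list denies every crate not in it, a short example entry under the description would also help readers see what they are opting into.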
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,81 @@ Free-form string that can be used to describe the reason why the advisory is ign | |
|
||
- `"allow"` - Print a note about the problem, but don't fail the check. | ||
|
||
## `PackageSpec` | ||
|
||
**Type:** `string` | ||
|
||
Many configuration options require a package specifier at a minimum, which we'll describe here. | ||
The options that use package specifiers will be called out in their individual documentation. | ||
We'll use the [`bans.deny`](bans/cfg.md#the-deny-field-optional) option in the following examples. | ||
|
||
### String format | ||
|
||
If the particular only requires a package spec at a minimum, then the string format can be used, | ||
which comes in three forms. | ||
|
||
#### Simple | ||
|
||
```toml | ||
# Will match any version of the simple crate | ||
deny = ["simple"] | ||
``` | ||
|
||
The simplest string is one which is just the crate name. In this case, the version requirement | ||
used when checking will be `*` meaning it will match against all versions of that crate in the graph. | ||
|
||
#### With Version Requirements | ||
|
||
```toml | ||
# Will match only these versions of the simple crate that match the predicate(s) | ||
deny = ["simple:<=0.1,>0.2"] | ||
``` | ||
|
||
If you want to apply version requirements (predicates) to the crate, simply append them following | ||
a `:` separator. | ||
|
||
#### Exact | ||
|
||
```toml | ||
# Will match only this exact version of the simple crate | ||
deny = [ | ||
"[email protected]", | ||
# This is semantically equivalent to the above | ||
"simple:=0.1.0", | ||
] | ||
``` | ||
|
||
The exact form is a specialization of the version requirements, where the semver after the `@` | ||
is transformed to be [= (Exact)](https://docs.rs/semver/latest/semver/enum.Op.html#opexact). | ||
|
||
### Table format | ||
|
||
#### Crate format | ||
|
||
```toml | ||
deny = [ | ||
{ crate = "[email protected]" }, # equivalent to "[email protected]" | ||
{ crate = "simple", wrappers = ["example"] }, | ||
] | ||
``` | ||
|
||
The crate format is a replacement for the old `name` and/or `version` table format. It uses | ||
the string format described above in a single `crate` key. | ||
|
||
#### Old format | ||
|
||
```toml | ||
deny = [ | ||
{ name = "simple" }, | ||
{ name = "simple", version = "*" } | ||
{ name = "simple", wrappers = ["example"] } | ||
] | ||
``` | ||
|
||
The old format uses a required `name` key and an optional `version` key. This format is deprecated | ||
and should not be used. | ||
|
||
|
||
## `TargetString` | ||
|
||
**Type:** `string` | ||
|
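Review bot: in the Old format example, `{ name = "simple", version = "*" }` has no comma before the next entry, so the array is not valid TOML; add the comma rather than carrying the defect into the new section. Two other things moved along with the text: "If the particular only requires a package spec" is missing its noun, and the relative link `bans/cfg.md#the-deny-field-optional` should be checked from this file's location. The section is also typed as `string` only, although it goes on to document a table format.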