krafka 0.12.0

A pure Rust, async-native Apache Kafka client
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

# cargo-deny configuration for krafka.
# Run: `cargo deny check` to audit licenses, bans, and advisories.
# Install: `cargo install cargo-deny`

[graph]
# Resolve the dependency graph with all features enabled so we audit every
# possible dependency, not just the default-feature subset.
all-features = true

# ---------------------------------------------------------------------------
# License checks
# ---------------------------------------------------------------------------
[licenses]
# Minimum confidence required to accept a license identified via SPDX
# expression scanning (0.0–1.0).
confidence-threshold = 0.8

# List of explicitly allowed SPDX identifiers.
allow = [
    "MIT",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-3.0",
    "Unicode-DFS-2016",
    "CC0-1.0",
    "MPL-2.0",        # ring uses OpenSSL + ISC; rustls uses same — kept for completeness
    "Zlib",
    "OpenSSL",        # ring's OpenSSL-licensed portions
]

# Copyleft licenses that must never appear in the dependency graph.
deny = [
    "GPL-1.0",
    "GPL-2.0",
    "GPL-3.0",
    "LGPL-2.0",
    "LGPL-2.1",
    "LGPL-3.0",
    "AGPL-1.0",
    "AGPL-3.0",
    "SSPL-1.0",
    "BUSL-1.1",
]

# ---------------------------------------------------------------------------
# Dependency bans
# ---------------------------------------------------------------------------
[bans]
# Forbid multiple versions of the same crate (use skip/skip-tree for known ok).
multiple-versions = "warn"

# Crates that must never be included for security / correctness reasons.
deny = [
    # Unmaintained OpenSSL binding; prefer rustls.
    { name = "openssl" },
]

# Known acceptable duplicate crate versions introduced by the dependency tree
# (e.g., transitive deps that haven't been updated yet).
skip = []

# ---------------------------------------------------------------------------
# Security advisories
# ---------------------------------------------------------------------------
[advisories]
# Fail on any unignored security vulnerability.
version = 2
# Path to a local advisory database clone (optional; omit to use GitHub fetch).
# db-path = "~/.cargo/advisory-db"

# Treat yanked crates as an error.
yanked = "deny"

# ---------------------------------------------------------------------------
# Source allowlist
# ---------------------------------------------------------------------------
[sources]
# Only allow crates from crates.io and the workspace itself.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]