From cbef646a2d96e58e844c66dfac2d5310703a150e Mon Sep 17 00:00:00 2001 From: Frank Bell Date: Tue, 14 May 2024 21:46:48 +0100 Subject: [PATCH 1/3] ci: add dependency and license checks
--- .github/workflows/ci.yml | 7 +++++++ Cargo.toml | 2 +- deny.toml | 25 +++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 deny.toml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 93b03b7d..d04d55df 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,13 @@ jobs: - name: Build default features run: cargo build + deny: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: EmbarkStudios/cargo-deny-action@v1 + unit-tests: needs: lint runs-on: ubuntu-latest
diff --git a/Cargo.toml b/Cargo.toml
index 99cc1c68..ecf8e98f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,7 +14,7 @@ members = ["crates/*"] [workspace.package] edition = "2021" -license = "GPL-3" +license = "GPL-3.0" [workspace.dependencies] anyhow = "1.0"
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..b7916e37
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,25 @@
+[graph]
+all-features = true
+
+[licenses]
+allow = [
+ "Apache-2.0",
+ "Apache-2.0 WITH LLVM-exception",
+ "BSL-1.0",
+ "BSD-2-Clause",
+ "BSD-3-Clause",
+ "CC0-1.0",
+ "ISC",
+ "GPL-3.0",
+ "MIT",
+ "OpenSSL",
+ "Unicode-DFS-2016"
+]
+confidence-threshold = 0.93
+
+[[licenses.clarify]]
+name = "ring"
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 },
+]
\ No newline at end of file
From 428dddd27f5ad20f9b1873e13908c6ae8be733fb Mon Sep 17 00:00:00 2001 From: Alex Bean Date: Wed, 15 May 2024 11:37:44 +0200 Subject: [PATCH 2/3] chore: modify list of compliance licenses (#172)
--- deny.toml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/deny.toml b/deny.toml
index b7916e37..ad6f6803 100644
--- a/deny.toml
+++ b/deny.toml
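Review bot: The new `deny` job runs in isolation: it has no `needs:` and no other job in the hunk depends on it, so unlike `unit-tests` (`needs: lint`) it only blocks a merge if branch protection requires the check by name, which this diff cannot show. The action is also referenced by the floating tag `EmbarkStudios/cargo-deny-action@v1`; for a job whose whole purpose is supply-chain hygiene, pinning to a full commit SHA with the version in a trailing comment, `- uses: EmbarkStudios/cargo-deny-action@<full commit sha> # v1`, keeps the checker itself from changing underneath you. With no `command` input the action runs the full `cargo deny check`, so the advisories, bans, licenses and sources checks all apply with whatever deny.toml configures or leaves at default. The `jobs:` map this hunk edits continues outside the hunk.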
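Review bot: `license = "GPL-3.0"` parses as SPDX, but the SPDX list marks the bare `GPL-3.0` form as deprecated in favour of `GPL-3.0-only` or `GPL-3.0-or-later`, and only those two say which grant the project actually makes; the matching entry in deny.toml's `allow` list would need the same identifier so the workspace crates keep passing the license check. Suggested line: `license = "GPL-3.0-only"`, or the `-or-later` form if that is what the LICENSE file grants.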
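Review bot: deny.toml configures `[graph]` and `[licenses]` only, so the `bans` and `sources` checks that the CI job's `cargo deny check` also runs fall back to cargo-deny's built-in defaults; as far as I recall those defaults only warn on crates pulled from an unknown registry or a git URL, so dependency provenance is not actually enforced by this gate. An explicit `[sources]` table that denies unknown registries and git sources and allows only the crates.io index makes the policy visible in the file and turns a violation into a failure; a `[bans]` table with `multiple-versions` set is worth adding for the same reason, even at `"warn"`. The file is also committed without a trailing newline (`\ No newline at end of file`).
```toml
# … unchanged: [graph] and [licenses] tables …

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
```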
@@ -12,11 +12,16 @@ allow = [ "ISC", "GPL-3.0", "MIT", - "OpenSSL", - "Unicode-DFS-2016" + "MPL-2.0", + "Unicode-DFS-2016", + "Unlicense" ] confidence-threshold = 0.93 +[[licenses.exceptions]] +allow = ["OpenSSL"] +name = "ring" + [[licenses.clarify]] name = "ring" expression = "ISC AND MIT AND OpenSSL"
From dccc25cc479e3c142b21fac7f1dfd4646105ba85 Mon Sep 17 00:00:00 2001 From: Alex Bean Date: Wed, 15 May 2024 18:04:07 +0200 Subject: [PATCH 3/3] fix: ignore dependencies with a reason to pass the deny checks (#174) * fix: ignore dependencies with a reason to pass the deny checks * refactor: remove useless comments * fix: only show warn for unmantained libs
--- deny.toml | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/deny.toml b/deny.toml
index ad6f6803..5dde7f67 100644
--- a/deny.toml
+++ b/deny.toml
@@ -1,6 +1,14 @@ [graph] all-features = true +# This section is considered when running `cargo deny check advisories` +[advisories] +unmaintained = "warn" +ignore = [ + { id = "RUSTSEC-2024-0336", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" }, + { id = "RUSTSEC-2023-0071", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" }, +] + [licenses] allow = [ "Apache-2.0",
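Review bot: The new `[[licenses.exceptions]]` entry keys on `name = "ring"` alone, so every future version of ring inherits the OpenSSL allowance; cargo-deny exception entries take an optional `version` requirement, and `version = "<current ring version>"` next to `name` would keep the carve-out as narrow as the `[[licenses.clarify]]` entry it sits beside, which already pins the licence file by hash. Moving `OpenSSL` out of the global `allow` list into a per-crate exception is the right direction, and the clarify block that follows still declares `expression = "ISC AND MIT AND OpenSSL"`, so the two stay consistent. The `[licenses]` table this hunk edits starts before the hunk.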
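Review bot: The two `ignore` entries have no expiry or follow-up marker, so once an upgrade does become available the advisories stay silenced until someone remembers the tracking issue; cargo-deny ignores are open-ended as far as I know, which makes the `reason` text "No upgrade available" a point-in-time claim rather than a condition the tool re-checks. A comment above the array recording when the entries were added and what retires them, e.g. `# added 2024-05-15 (#174); drop each entry once the crate tracked in issue #173 can be upgraded`, plus a periodic look at whether that issue is still open, keeps the suppression from becoming permanent. `unmaintained = "warn"` is a soft setting by design, and because the advisory database is fetched when the job runs, new advisories against these crates will still fail the check, so the ignores are the only part that needs a sunset. The `[graph]` lines at the top of the hunk are context from the existing file.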