From 3f4641175969d7f909509705c8c517f9b21321a1 Mon Sep 17 00:00:00 2001
From: Veetaha <veetaha2@gmail.com>
Date: Sun, 2 Aug 2020 03:36:57 +0300
Subject: [PATCH] Replace cargo-audit  with cargo-deny

`cargo-audit` is likely going to be replaced by `cargo-deny`
See this issue: https://github.com/EmbarkStudios/cargo-deny/issues/194
---
 .github/workflows/ci.yaml | 19 +++++--------
 deny.toml                 | 56 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 13 deletions(-)
 create mode 100644 deny.toml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 2acd440122b6..4fc8e3c11dcf 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,19 +16,12 @@ env:
   RUSTUP_MAX_RETRIES: 10
 
 jobs:
-  # rust-audit:
-  #   name: Audit Rust vulnerabilities
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - name: Checkout repository
-  #     uses: actions/checkout@v2
-
-  #   - uses: actions-rs/install@v0.1
-  #     with:
-  #       crate: cargo-audit
-  #       use-tool-cache: true
-
-  #   - run: cargo audit
+  cargo-deny-check:
+    name: Audit Rust codebase
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: EmbarkStudios/cargo-deny-action@v1
 
   rust:
     name: Rust
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 000000000000..d74e66f48562
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,56 @@
+# See docs: https://embarkstudios.github.io/cargo-deny/checks/index.html
+
+[advisories]
+vulnerability = "deny"
+unmaintained = "deny"
+yanked = "deny"
+notice = "deny"
+ignore = [
+    # This crate is used through `vfs-notify`.
+    #
+    # Original error message:
+    # The [`net2`](https://crates.io/crates/net2) crate has been deprecated
+    # and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.
+    "RUSTSEC-2020-0016"
+]
+
+[bans]
+multiple-versions = "deny"
+skip = [
+    # This older version of winapi is pulled through vfs-notify
+    { version = "=0.2.8", name = "winapi" }
+
+    # { version = "=0.42.0", name = "crate_name_here" },
+]
+skip-tree = [
+    # { version = "=0.42.0", name = "crate_name_here", depth = 6 },
+]
+deny = []
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+
+[licenses]
+unlicensed = "deny"
+copyleft = "deny"
+
+# Run `cargo deny list` to see which crates use which license
+# and add them to this array if you accept them
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "Zlib",
+]
+deny = []
+default = "deny"
+allow-osi-fsf-free = "neither"
+
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93