From d1d77a8d960e3c396b0921126114456c4ce4603a Mon Sep 17 00:00:00 2001
From: Daniel Rammer <hamersaw@protonmail.com>
Date: Wed, 3 Jun 2026 21:41:15 -0500
Subject: [PATCH] chore: allow CDDL-1.0 for inferno dev dependency (pending
 legal review)

Lance v8.0.0-beta.2 pulls in inferno v0.11.21 (CDDL-1.0) transitively via
pprof -> lance-testing, a dev/profiling-only dependency that is not
distributed. Add CDDL-1.0 to the deny.toml allow list so cargo-deny passes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 deny.toml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deny.toml b/deny.toml
index cbecdb902..464b11ebc 100644
--- a/deny.toml
+++ b/deny.toml
@@ -145,6 +145,10 @@ allow = [
     # CDLA-Permissive-2.0 is a permissive data license used by `webpki-roots`
     # for the Mozilla CA root bundle. Data-only, distribution-compatible.
     "CDLA-Permissive-2.0",
+    # CDDL-1.0 (copyleft) is pulled in only as a dev/profiling dependency via
+    # `inferno` -> `pprof` -> `lance-testing`; it is not distributed.
+    # PENDING LEGAL REVIEW before merge.
+    "CDDL-1.0",
 ]
 confidence-threshold = 0.8
 # Crates whose license cannot be determined from Cargo metadata but whose