diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml deleted file mode 100644 index cf78c4f0..00000000 --- a/.github/workflows/audit.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: audit - -env: - RUST_BACKTRACE: 1 - -jobs: - audit: - name: cargo audit - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - -on: - push: - branches: [staging, trying] - pull_request: - branches: [prīmum] diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml new file mode 100644 index 00000000..c6c15a03 --- /dev/null +++ b/.github/workflows/deny.yml @@ -0,0 +1,30 @@ +name: deny + +env: + RUST_BACKTRACE: 1 + +jobs: + cargo-deny-advisories: + name: cargo deny advisories + runs-on: ubuntu-latest + continue-on-error: true + steps: + - uses: actions/checkout@v2 + - uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check advisories + + cargo-deny-licenses: + name: cargo deny bans licenses sources + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check bans licenses sources + +on: + push: + branches: [staging, trying] + pull_request: + branches: [prīmum] diff --git a/Cargo.lock b/Cargo.lock index 0384ce44..f25e11f1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -37,7 +37,6 @@ dependencies = [ "futures-core", "futures-io", "futures-test", - "futures_codec", "memchr", "ntest", "pin-project-lite 0.2.8", @@ -284,7 +283,7 @@ dependencies = [ "futures-sink", "futures-task", "futures-util", - "pin-project 1.0.10", + "pin-project", "pin-utils", ] 
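Review bot: In the new `.github/workflows/deny.yml`, both jobs reference `actions/checkout@v2` and `EmbarkStudios/cargo-deny-action@v1` by mutable tag, and the workflow declares no `permissions:`, so whatever those tags point to at run time executes with the repository's default `GITHUB_TOKEN` scope. Pinning each `uses:` to a full commit SHA, e.g. `uses: EmbarkStudios/cargo-deny-action@<full-commit-sha>  # v1`, and adding a top-level `permissions:` block with `contents: read` would keep the dependency check from itself being an unpinned dependency. Neither step visibly needs write access now that the `token:` input of the removed audit-check step is gone, so read-only should be enough; confirm against the action's documentation.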
@@ -306,18 +305,6 @@ dependencies = [ "slab", ] -[[package]] -name = "futures_codec" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce54d63f8b0c75023ed920d46fd71d0cbbb830b0ee012726b5b4f506fb6dea5b" -dependencies = [ - "bytes 0.5.6", - "futures", - "memchr", - "pin-project 0.4.29", -] - [[package]] name = "getrandom" version = "0.2.6" @@ -445,33 +432,13 @@ dependencies = [ "autocfg", ] -[[package]] -name = "pin-project" -version = "0.4.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9615c18d31137579e9ff063499264ddc1278e7b1982757ebc111028c4d1dc909" -dependencies = [ - "pin-project-internal 0.4.29", -] - [[package]] name = "pin-project" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "58ad3879ad3baf4e44784bc6a718a8698867bb991f8ce24d1bcbe2cfb4c3a75e" dependencies = [ - "pin-project-internal 1.0.10", -] - -[[package]] -name = "pin-project-internal" -version = "0.4.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "044964427019eed9d49d9d5bbce6047ef18f37100ea400912a9fa4a3523ab12a" -dependencies = [ - "proc-macro2 1.0.36", - "quote 1.0.15", - "syn 1.0.86", + "pin-project-internal", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 2bc87d9a..5b11f157 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -68,7 +68,6 @@ tokio-util-03 = { package = "tokio-util", version = "0.3.0", default-features = tokio-util-04 = { package = "tokio-util", version = "0.4.0", default-features = false, features = ["io"] } tokio-util-05 = { package = "tokio-util", version = "0.5.0", default-features = false, features = ["io"] } tokio-util-06 = { package = "tokio-util", version = "0.6.0", default-features = false, features = ["io"] } -futures_codec = { version = "0.4.1", default-features = false } [[test]] name = "brotli" diff --git a/bors.toml b/bors.toml index 5d49f6ca..b0a311e6 100644 --- a/bors.toml +++ b/bors.toml 
@@ -10,7 +10,7 @@ status = [ "cargo hack check --all-targets --feature-powerset", "cargo fmt --check", "cargo clippy", - # "cargo audit", + "cargo deny bans licenses sources", "cargo doc --cfg docsrs", ] delete_merged_branches = true diff --git a/deny.toml b/deny.toml new file mode 100644 index 00000000..c6832572 --- /dev/null +++ b/deny.toml @@ -0,0 +1,32 @@ +[advisories] +ignore = [ + # tokio 0.2 and 0.3 are both perma-vulnerable to these two advisories, + # will be removed once support for them is dropped + "RUSTSEC-2021-0072", + "RUSTSEC-2021-0124", +] + +[licenses] +unlicensed = "deny" +allow = [ + "MIT", + "Apache-2.0", + "BSD-3-Clause", +] +default = "deny" + +[bans] +multiple-versions = "warn" +skip = [ + # Used in the stream migration docs + { name = "tokio-util", version = "0.3" }, + { name = "tokio-util", version = "0.4" }, + { name = "tokio-util", version = "0.5" }, + { name = "tokio-util", version = "0.6" }, +] +skip-tree = [ + { name = "tokio", version = "0.2" }, + { name = "tokio", version = "0.3" }, + { name = "proptest", version = "1.0" }, + { name = "proptest-derive", version = "0.3" }, +]
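Review bot: The `status` list in bors.toml now gates only on `cargo deny bans licenses sources`, and the advisories job in deny.yml is `continue-on-error: true`, so a RustSec advisory never blocks a merge and is visible only to someone who opens that job's log. Not failing unrelated PRs on advisories is a defensible choice, but the workflow's `on:` block has only `push` and `pull_request`, so an advisory published against unchanged dependencies is not evaluated until the next push. A scheduled trigger in deny.yml, e.g. `schedule:` with `- cron: '0 6 * * 1'` (sample value), would run the advisories check independently of code changes. The `status` array begins above this hunk, so the other required checks are not visible here.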
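Review bot: The new deny.toml has no `[sources]` table although CI runs `check sources`, so that check runs on cargo-deny's defaults, which as far as I know only warn on unknown registries and git sources instead of failing. If the intent is to reject dependencies from outside crates.io, state it explicitly: `[sources]`, `unknown-registry = "deny"`, `unknown-git = "deny"`. Separately, the two `ignore` entries are matched by advisory ID, so unless the cargo-deny version in use scopes them further, they are suppressed for every tokio version in the graph and not just 0.2/0.3; the comment should say so, e.g. `# NOTE: ignored for all tokio versions in the graph; re-check when 0.2/0.3 support is dropped`.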