2022-02-05 05:08:15 +08:00
|
|
|
# https://embarkstudios.github.io/cargo-deny/
|
|
|
|
|
|
|
|
targets = [
|
|
|
|
{ triple = "aarch64-apple-darwin" },
|
|
|
|
{ triple = "aarch64-linux-android" },
|
2022-10-03 16:37:50 +08:00
|
|
|
{ triple = "wasm32-unknown-unknown" },
|
2022-02-05 05:08:15 +08:00
|
|
|
{ triple = "x86_64-apple-darwin" },
|
|
|
|
{ triple = "x86_64-pc-windows-msvc" },
|
|
|
|
{ triple = "x86_64-unknown-linux-gnu" },
|
|
|
|
{ triple = "x86_64-unknown-linux-musl" },
|
|
|
|
]
|
|
|
|
|
|
|
|
[advisories]
|
|
|
|
vulnerability = "deny"
|
|
|
|
unmaintained = "warn"
|
|
|
|
yanked = "deny"
|
|
|
|
ignore = [
|
|
|
|
"RUSTSEC-2020-0071", # https://rustsec.org/advisories/RUSTSEC-2020-0071 - chrono/time: Potential segfault in the time crate
|
|
|
|
"RUSTSEC-2020-0159", # https://rustsec.org/advisories/RUSTSEC-2020-0159 - chrono/time: Potential segfault in localtime_r invocations
|
2022-04-10 22:41:07 +08:00
|
|
|
"RUSTSEC-2021-0127", # https://rustsec.org/advisories/RUSTSEC-2021-0127 - https://github.com/bheisler/criterion.rs/issues/534
|
2022-02-05 05:08:15 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
[bans]
|
|
|
|
multiple-versions = "deny"
|
|
|
|
wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
|
|
|
|
deny = [
|
2022-04-10 22:41:07 +08:00
|
|
|
{ name = "openssl" }, # prefer rustls
|
|
|
|
{ name = "openssl-sys" }, # prefer rustls
|
2022-02-05 05:08:15 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
skip = [
|
2022-04-10 22:41:07 +08:00
|
|
|
{ name = "ahash" }, # old version via dark-light
|
|
|
|
{ name = "arrayvec" }, # old version via tiny-skiaz
|
|
|
|
{ name = "hashbrown" }, # old version via dark-light
|
|
|
|
{ name = "time" }, # old version pulled in by unmaintianed crate 'chrono'
|
2022-02-23 02:32:30 +08:00
|
|
|
{ name = "ttf-parser" }, # different versions pulled in by ab_glyph and usvg
|
2022-02-05 05:08:15 +08:00
|
|
|
]
|
|
|
|
skip-tree = [
|
2022-11-22 20:44:01 +08:00
|
|
|
{ name = "criterion" }, # dev-dependency
|
2022-04-10 22:41:07 +08:00
|
|
|
{ name = "glium" }, # legacy crate, lots of old dependencies
|
2022-07-04 02:12:57 +08:00
|
|
|
{ name = "rfd" }, # example dependency
|
2022-07-04 00:29:12 +08:00
|
|
|
{ name = "three-d" }, # example dependency
|
2022-02-05 05:08:15 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
[licenses]
|
|
|
|
unlicensed = "deny"
|
|
|
|
allow-osi-fsf-free = "neither"
|
|
|
|
confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
|
|
|
|
copyleft = "deny"
|
|
|
|
allow = [
|
2022-11-22 20:44:01 +08:00
|
|
|
"Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
|
|
|
|
"BSD-2-Clause", # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
|
|
|
|
"BSD-3-Clause", # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
|
|
|
|
"BSL-1.0", # https://tldrlegal.com/license/boost-software-license-1.0-explained
|
|
|
|
"CC0-1.0", # https://creativecommons.org/publicdomain/zero/1.0/
|
|
|
|
"ISC", # https://tldrlegal.com/license/-isc-license
|
|
|
|
"LicenseRef-UFL-1.0", # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321
|
|
|
|
"MIT", # https://tldrlegal.com/license/mit-license
|
|
|
|
"MPL-2.0", # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11
|
|
|
|
"OFL-1.1", # https://spdx.org/licenses/OFL-1.1.html
|
|
|
|
"OpenSSL", # https://www.openssl.org/source/license.html
|
|
|
|
"Unicode-DFS-2016", # https://spdx.org/licenses/Unicode-DFS-2016.html
|
|
|
|
"Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
|
2022-02-05 05:08:15 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
[[licenses.clarify]]
|
|
|
|
name = "webpki"
|
|
|
|
expression = "ISC"
|
2022-04-10 22:41:07 +08:00
|
|
|
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
|
2022-02-05 05:08:15 +08:00
|
|
|
|
|
|
|
[[licenses.clarify]]
|
|
|
|
name = "ring"
|
|
|
|
expression = "MIT AND ISC AND OpenSSL"
|
2022-04-10 22:41:07 +08:00
|
|
|
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
|