winit/deny.toml

# https://embarkstudios.github.io/cargo-deny/
# cargo install cargo-deny
# cargo update && cargo deny --all-features --log-level error --target aarch64-apple-ios check
# Note: running just `cargo deny check` without a `--target` will result in
# false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
targets = [
    { triple = "aarch64-apple-ios" },
    { triple = "aarch64-linux-android" },
    { triple = "i686-pc-windows-gnu" },
    { triple = "i686-pc-windows-msvc" },
    { triple = "i686-unknown-linux-gnu" },
    { triple = "wasm32-unknown-unknown" },
    { triple = "x86_64-apple-darwin" },
    { triple = "x86_64-apple-ios" },
    { triple = "x86_64-pc-windows-gnu" },
    { triple = "x86_64-pc-windows-msvc" },
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "x86_64-unknown-redox" },
]


[advisories]
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
ignore = []


[bans]
multiple-versions = "deny"
wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
deny = []
skip = [
    { name = "raw-window-handle" },    # we intentionally have multiple versions of this
    { name = "bitflags" },             # the ecosystem is in the process of migrating.
    { name = "libloading" },           # x11rb uses a different version until the next update
]
skip-tree = []


[licenses]
private = { ignore = true }
unlicensed = "deny"
allow-osi-fsf-free = "neither"
confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
copyleft = "deny"
allow = [
    "Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html
    "Apache-2.0",                     # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
    "BSD-2-Clause",                   # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
    "BSD-3-Clause",                   # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
    "BSL-1.0",                        # https://tldrlegal.com/license/boost-software-license-1.0-explained
    "CC0-1.0",                        # https://creativecommons.org/publicdomain/zero/1.0/
    "ISC",                            # https://tldrlegal.com/license/-isc-license
    "LicenseRef-UFL-1.0",             # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321
    "MIT-0",                          # https://choosealicense.com/licenses/mit-0/
    "MIT",                            # https://tldrlegal.com/license/mit-license
    "MPL-2.0",                        # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11. Used by webpki-roots on Linux.
    "OFL-1.1",                        # https://spdx.org/licenses/OFL-1.1.html
    "OpenSSL",                        # https://www.openssl.org/source/license.html - used on Linux
    "Unicode-DFS-2016",               # https://spdx.org/licenses/Unicode-DFS-2016.html
    "Zlib",                           # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
]