anki/.deny.toml

# all-features = true
# features = []
no-default-features = false
feature-depth = 1

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
yanked = "warn"
notice = "warn"
ignore = [
  # xml-rs via apple-bundles: not used for untrusted input
  "RUSTSEC-2022-0048",
]

[licenses]
unlicensed = "deny"
copyleft = "deny"
allow-osi-fsf-free = "neither"
default = "deny"
allow = [
  "MIT",
  "Apache-2.0",
  "Apache-2.0 WITH LLVM-exception",
  "ISC",
  "MPL-2.0",
  "Unicode-DFS-2016",
  "BSD-2-Clause",
  "BSD-3-Clause",
  "OpenSSL",
  "CC0-1.0",
]
confidence-threshold = 0.8
# eg { allow = ["Zlib"], name = "adler32", version = "*" },
exceptions = []

[[licenses.clarify]]
name = "ring"
version = "*"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
  { path = "LICENSE", hash = 0xbd0eed23 },
]

[licenses.private]
ignore = true

[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]

[sources.allow-org]
github = ["ankitects"]

[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
# eg { name = "ansi_term", version = "=0.11.0" },
allow = []
deny = []
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = []
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite.
# eg { name = "ansi_term", version = "=0.11.0", depth = 20 },
skip-tree = []
Add cargo-deny config Not currently enabled in CI; will probably want to exclude the duplicates from the warnings. 2022-11-30 02:06:04 +01:00			`# all-features = true`
			`# features = []`
			`no-default-features = false`
			`feature-depth = 1`

			`[advisories]`
			`db-path = "~/.cargo/advisory-db"`
			`db-urls = ["https://github.com/rustsec/advisory-db"]`
			`vulnerability = "deny"`
			`unmaintained = "warn"`
			`yanked = "warn"`
			`notice = "warn"`
			`ignore = [`
			`# xml-rs via apple-bundles: not used for untrusted input`
			`"RUSTSEC-2022-0048",`
			`]`

			`[licenses]`
			`unlicensed = "deny"`
			`copyleft = "deny"`
			`allow-osi-fsf-free = "neither"`
			`default = "deny"`
			`allow = [`
			`"MIT",`
			`"Apache-2.0",`
			`"Apache-2.0 WITH LLVM-exception",`
			`"ISC",`
			`"MPL-2.0",`
			`"Unicode-DFS-2016",`
			`"BSD-2-Clause",`
			`"BSD-3-Clause",`
			`"OpenSSL",`
			`"CC0-1.0",`
			`]`
			`confidence-threshold = 0.8`
			`# eg { allow = ["Zlib"], name = "adler32", version = "*" },`
			`exceptions = []`

			`[[licenses.clarify]]`
			`name = "ring"`
			`version = "*"`
			`expression = "MIT AND ISC AND OpenSSL"`
			`license-files = [`
			`{ path = "LICENSE", hash = 0xbd0eed23 },`
			`]`

			`[licenses.private]`
			`ignore = true`

			`[sources]`
			`unknown-registry = "warn"`
			`unknown-git = "warn"`
			`allow-registry = ["https://github.com/rust-lang/crates.io-index"]`

			`[sources.allow-org]`
			`github = ["ankitects"]`

			`[bans]`
			`multiple-versions = "warn"`
			`wildcards = "allow"`
			`highlight = "all"`
			`workspace-default-features = "allow"`
			`external-default-features = "allow"`
			`# eg { name = "ansi_term", version = "=0.11.0" },`
			`allow = []`
			`deny = []`
			`# Certain crates/versions that will be skipped when doing duplicate detection.`
			`skip = []`
			# Similarly to `skip` allows you to skip certain crates during duplicate
			`# detection. Unlike skip, it also includes the entire tree of transitive`
			`# dependencies starting at the specified crate, up to a certain depth, which is`
			`# by default infinite.`
			`# eg { name = "ansi_term", version = "=0.11.0", depth = 20 },`
			`skip-tree = []`