deny.toml - toolchain/cargo-deny - Gitiles

 [graph]
 # cargo-deny is really only ever intended to run on the "normal" tier-1 targets
 targets = [
     "x86_64-unknown-linux-gnu",
     "aarch64-unknown-linux-gnu",
     "x86_64-unknown-linux-musl",
     "aarch64-apple-darwin",
     "x86_64-apple-darwin",
     "x86_64-pc-windows-msvc",
 ]
 all-features = true

 [advisories]
 version = 2
 ignore = [
     { id = "RUSTSEC-2022-0092", reason = "askalono always provides valid utf-8 files from a cache, this is not relevant" },
 ]

 [bans]
 multiple-versions = "deny"
 wildcards = 'deny'
 deny = [
     { crate = "git2", use-instead = "gix" },
     { crate = "openssl", use-instead = "rustls" },
     { crate = "openssl-sys", use-instead = "rustls" },
     "libssh2-sys",
     { crate = "cmake", use-instead = "cc" },
     { crate = "windows", reason = "bloated and unnecessary", use-instead = "ideally inline bindings, practically, windows-sys" },
 ]
 skip = [
     { crate = "bitflags@1.3.2", reason = "https://github.com/seanmonstar/reqwest/pull/2130 should be in the next version" },
     { crate = "winnow@0.5.40", reason = "gix 0.59 was yanked, see https://github.com/Byron/gitoxide/issues/1309" },
     { crate = "heck@0.4.1", reason = "strum_macros uses this old version" },
 ]
 skip-tree = [
     { crate = "windows-sys@0.48.0", reason = "a foundational crate for many that bumps far too frequently to ever have a shared version" },
 ]

 [sources]
 unknown-registry = "deny"
 unknown-git = "deny"

 [licenses]
 version = 2
 # We want really high confidence when inferring licenses from text
 confidence-threshold = 0.93
 allow = [
     "Apache-2.0",
     "Apache-2.0 WITH LLVM-exception",
     "MIT",
     "MPL-2.0",
     "BSD-3-Clause",
     "ISC",
 ]
 exceptions = [
     # Use exceptions for these as they only have a single user
     { allow = ["Zlib"], crate = "tinyvec" },
     { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
     { allow = ["OpenSSL"], crate = "ring" },
 ]

 # Sigh
 [[licenses.clarify]]
 crate = "ring"
 # SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
 # https://spdx.org/licenses/OpenSSL.html
 # ISC - Both BoringSSL and ring use this for their new files
 # MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
 # license, for third_party/fiat, which, unlike other third_party directories, is
 # compiled into non-test libraries, is included below."
 # OpenSSL - Obviously
 expression = "ISC AND MIT AND OpenSSL"
 license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

 [[licenses.clarify]]
 crate = "webpki"
 expression = "ISC"
 license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

 # Actually "ISC-style"
 [[licenses.clarify]]
 crate = "rustls-webpki"
 expression = "ISC"
 license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
	[graph]
	# cargo-deny is really only ever intended to run on the "normal" tier-1 targets
	targets = [
	"x86_64-unknown-linux-gnu",
	"aarch64-unknown-linux-gnu",
	"x86_64-unknown-linux-musl",
	"aarch64-apple-darwin",
	"x86_64-apple-darwin",
	"x86_64-pc-windows-msvc",
	]
	all-features = true

	[advisories]
	version = 2
	ignore = [
	{ id = "RUSTSEC-2022-0092", reason = "askalono always provides valid utf-8 files from a cache, this is not relevant" },
	]

	[bans]
	multiple-versions = "deny"
	wildcards = 'deny'
	deny = [
	{ crate = "git2", use-instead = "gix" },
	{ crate = "openssl", use-instead = "rustls" },
	{ crate = "openssl-sys", use-instead = "rustls" },
	"libssh2-sys",
	{ crate = "cmake", use-instead = "cc" },
	{ crate = "windows", reason = "bloated and unnecessary", use-instead = "ideally inline bindings, practically, windows-sys" },
	]
	skip = [
	{ crate = "bitflags@1.3.2", reason = "https://github.com/seanmonstar/reqwest/pull/2130 should be in the next version" },
	{ crate = "winnow@0.5.40", reason = "gix 0.59 was yanked, see https://github.com/Byron/gitoxide/issues/1309" },
	{ crate = "heck@0.4.1", reason = "strum_macros uses this old version" },
	]
	skip-tree = [
	{ crate = "windows-sys@0.48.0", reason = "a foundational crate for many that bumps far too frequently to ever have a shared version" },
	]

	[sources]
	unknown-registry = "deny"
	unknown-git = "deny"

	[licenses]
	version = 2
	# We want really high confidence when inferring licenses from text
	confidence-threshold = 0.93
	allow = [
	"Apache-2.0",
	"Apache-2.0 WITH LLVM-exception",
	"MIT",
	"MPL-2.0",
	"BSD-3-Clause",
	"ISC",
	]
	exceptions = [
	# Use exceptions for these as they only have a single user
	{ allow = ["Zlib"], crate = "tinyvec" },
	{ allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
	{ allow = ["OpenSSL"], crate = "ring" },
	]

	# Sigh
	[[licenses.clarify]]
	crate = "ring"
	# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
	# https://spdx.org/licenses/OpenSSL.html
	# ISC - Both BoringSSL and ring use this for their new files
	# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
	# license, for third_party/fiat, which, unlike other third_party directories, is
	# compiled into non-test libraries, is included below."
	# OpenSSL - Obviously
	expression = "ISC AND MIT AND OpenSSL"
	license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

	[[licenses.clarify]]
	crate = "webpki"
	expression = "ISC"
	license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

	# Actually "ISC-style"
	[[licenses.clarify]]
	crate = "rustls-webpki"
	expression = "ISC"
	license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]