|
| 1 | +# Note that all fields that take a lint level have these possible values: |
| 2 | +# * deny - An error will be produced and the check will fail |
| 3 | +# * warn - A warning will be produced, but the check will not fail |
| 4 | +# * allow - No warning or error will be produced, though in some cases a note |
| 5 | +# will be |
| 6 | + |
| 7 | +# This section is considered when running `cargo deny check advisories` |
| 8 | +# More documentation for the advisories section can be found here: |
| 9 | +# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html |
| 10 | +[advisories] |
| 11 | +# The lint level for security vulnerabilities |
| 12 | +vulnerability = "deny" |
| 13 | +# The lint level for unmaintained crates |
| 14 | +unmaintained = "warn" |
| 15 | +# The lint level for crates that have been yanked from their source registry |
| 16 | +yanked = "warn" |
| 17 | +# The lint level for crates with security notices. Note that as of |
| 18 | +# 2019-12-17 there are no security notice advisories in |
| 19 | +# https://github.com/rustsec/advisory-db |
| 20 | +notice = "warn" |
| 21 | +# A list of advisory IDs to ignore. Note that ignored advisories will still |
| 22 | +# output a note when they are encountered. |
| 23 | +# |
| 24 | +# e.g. "RUSTSEC-0000-0000", |
| 25 | +ignore = [ |
| 26 | +] |
| 27 | + |
| 28 | +# This section is considered when running `cargo deny check licenses` |
| 29 | +# More documentation for the licenses section can be found here: |
| 30 | +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html |
| 31 | +[licenses] |
| 32 | +unlicensed = "deny" |
| 33 | +# List of explicitly allowed licenses |
| 34 | +# See https://spdx.org/licenses/ for list of possible licenses |
| 35 | +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. |
| 36 | +allow = [ |
| 37 | + "MIT", |
| 38 | + "MIT-0", |
| 39 | + "Apache-2.0", |
| 40 | + "BSD-3-Clause", |
| 41 | + "MPL-2.0", |
| 42 | + "Unicode-DFS-2016", |
| 43 | + "CC0-1.0", |
| 44 | +] |
| 45 | +# List of explicitly disallowed licenses |
| 46 | +# See https://spdx.org/licenses/ for list of possible licenses |
| 47 | +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. |
| 48 | +deny = [ |
| 49 | +] |
| 50 | +# Lint level for licenses considered copyleft |
| 51 | +copyleft = "deny" |
| 52 | +# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses |
| 53 | +# * both - The license will be approved if it is both OSI-approved *AND* FSF |
| 54 | +# * either - The license will be approved if it is either OSI-approved *OR* FSF |
| 55 | +# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF |
| 56 | +# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved |
| 57 | +# * neither - This predicate is ignored and the default lint level is used |
| 58 | +allow-osi-fsf-free = "neither" |
| 59 | +# Lint level used when no other predicates are matched |
| 60 | +# 1. License isn't in the allow or deny lists |
| 61 | +# 2. License isn't copyleft |
| 62 | +# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither" |
| 63 | +default = "deny" |
| 64 | +# The confidence threshold for detecting a license from license text. |
| 65 | +# The higher the value, the more closely the license text must be to the |
| 66 | +# canonical license text of a valid SPDX license file. |
| 67 | +# [possible values: any between 0.0 and 1.0]. |
| 68 | +confidence-threshold = 0.8 |
| 69 | +# Allow 1 or more licenses on a per-crate basis, so that particular licenses |
| 70 | +# aren't accepted for every possible crate as with the normal allow list |
| 71 | +exceptions = [ |
| 72 | + # Each entry is the crate and version constraint, and its specific allow |
| 73 | + # list |
| 74 | + #{ allow = ["Zlib"], name = "adler32", version = "*" }, |
| 75 | +] |
| 76 | + |
| 77 | +[licenses.private] |
| 78 | +# If true, ignores workspace crates that aren't published, or are only |
| 79 | +# published to private registries. |
| 80 | +# To see how to mark a crate as unpublished (to the official registry), |
| 81 | +# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field. |
| 82 | +ignore = true |
| 83 | + |
| 84 | +# This section is considered when running `cargo deny check bans`. |
| 85 | +# More documentation about the 'bans' section can be found here: |
| 86 | +# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html |
| 87 | +[bans] |
| 88 | +# Lint level for when multiple versions of the same crate are detected |
| 89 | +multiple-versions = "warn" |
| 90 | +# Lint level for when a crate version requirement is `*` |
| 91 | +wildcards = "deny" |
| 92 | +# The graph highlighting used when creating dotgraphs for crates |
| 93 | +# with multiple versions |
| 94 | +# * lowest-version - The path to the lowest versioned duplicate is highlighted |
| 95 | +# * simplest-path - The path to the version with the fewest edges is highlighted |
| 96 | +# * all - Both lowest-version and simplest-path are used |
| 97 | +highlight = "all" |
| 98 | +# The default lint level for `default` features for crates that are members of |
| 99 | +# the workspace that is being checked. This can be overridden by allowing/denying |
| 100 | +# `default` on a crate-by-crate basis if desired. |
| 101 | +workspace-default-features = "allow" |
| 102 | +# The default lint level for `default` features for external crates that are not |
| 103 | +# members of the workspace. This can be overridden by allowing/denying `default` |
| 104 | +# on a crate-by-crate basis if desired. |
| 105 | +external-default-features = "allow" |
| 106 | +# List of crates that are allowed. Use with care! |
| 107 | +allow = [ |
| 108 | + #{ name = "ansi_term", version = "=0.11.0" }, |
| 109 | +] |
| 110 | +# List of crates to deny |
| 111 | +deny = [ |
| 112 | + # Each entry the name of a crate and a version range. If version is |
| 113 | + # not specified, all versions will be matched. |
| 114 | + #{ name = "ansi_term", version = "=0.11.0" }, |
| 115 | + # |
| 116 | + # Wrapper crates can optionally be specified to allow the crate when it |
| 117 | + # is a direct dependency of the otherwise banned crate |
| 118 | + #{ name = "ansi_term", version = "=0.11.0", wrappers = [] }, |
| 119 | +] |
| 120 | + |
| 121 | +# This section is considered when running `cargo deny check sources`. |
| 122 | +# More documentation about the 'sources' section can be found here: |
| 123 | +# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html |
| 124 | +[sources] |
| 125 | +# Lint level for what to happen when a crate from a crate registry that is not |
| 126 | +# in the allow list is encountered |
| 127 | +unknown-registry = "deny" |
| 128 | +# Lint level for what to happen when a crate from a git repository that is not |
| 129 | +# in the allow list is encountered |
| 130 | +unknown-git = "deny" |
| 131 | +# List of URLs for allowed crate registries. Defaults to the crates.io index |
| 132 | +# if not specified. If it is specified but empty, no registries are allowed. |
| 133 | +allow-registry = ["https://github.com/rust-lang/crates.io-index"] |
| 134 | +# List of URLs for allowed Git repositories |
| 135 | +allow-git = [] |
| 136 | + |
| 137 | +[sources.allow-org] |
| 138 | +# 1 or more github.com organizations to allow git sources for |
| 139 | +github = [] |
0 commit comments