-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathdeny.toml
68 lines (57 loc) · 2.17 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Documentation for this configuration file:
# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
# GitHub link: https://github.com/EmbarkStudios/cargo-deny
[licenses]
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.7 short identifier (+ optional exception)].
allow = [
"Apache-2.0",
"BSD-2-Clause",
"BSD-3-Clause",
"EPL-2.0",
"MIT",
"MPL-2.0",
"Unicode-3.0",
"Unicode-DFS-2016"
]
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must be to the
# canonical license text of a valid SPDX license file.
# [possible values: any between 0.0 and 1.0].
confidence-threshold = 0.8
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
allow = [
]
# List of crates to deny
deny = [
# Each entry the name of a crate and a version range. If version is
# not specified, all versions will be matched.
{ crate = "fuchsia-cprng" }
]
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite.
skip-tree = [
]
[advisories]
ignore = [
# Ignore an "INFO Unmaintained" advisory for the yaml-rust crate that the
# "syntect" crate uses. This can be removed once
# https://github.com/trishume/syntect/issues/537 is resolved (replace
# yaml-rust with yaml-rust2):
{ id = "RUSTSEC-2024-0320", reason = "Only an informative advisory that the crate is unmaintained and the maintainer unreachable" },
]