|
1 | | -# This template contains all of the possible sections and their default values |
2 | | - |
3 | | -# Note that all fields that take a lint level have these possible values: |
4 | | -# * deny - An error will be produced and the check will fail |
5 | | -# * warn - A warning will be produced, but the check will not fail |
6 | | -# * allow - No warning or error will be produced, though in some cases a note will be |
7 | | - |
8 | | -# If 1 or more target triples (and optionally, target_features) are specified, only |
9 | | -# the specified targets will be checked when running `cargo deny check`. This means, |
10 | | -# if a particular package is only ever used as a target specific dependency, such |
11 | | -# as, for example, the `nix` crate only being used via the `target_family = "unix"` |
12 | | -# configuration, that only having windows targets in this list would mean the nix |
13 | | -# crate, as well as any of its exclusive dependencies not shared by any other |
14 | | -# crates, would be ignored, as the target list here is effectively saying which |
15 | | -# targets you are building for. |
16 | | -targets = [ |
17 | | - # The triple can be any string, but only the target triples built in to |
18 | | - # rustc (as of 1.40) can be checked against actual config expressions |
19 | | - #{ triple = "x86_64-unknown-linux-musl" }, |
20 | | - # You can also specify which target_features you promise are enabled for a particular |
21 | | - # target. target_features are currently not validated against the actual valid |
22 | | - # features supported by the target architecture. |
23 | | - #{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, |
24 | | -] |
25 | | - |
26 | | -# This section is considered when running `cargo deny check advisories` |
27 | | -# More documentation for the advisories section can be found here: |
28 | | -# https://github.com/EmbarkStudios/cargo-deny#the-advisories-section |
29 | | -[advisories] |
30 | | -# The path where the advisory database is cloned/fetched into |
31 | | -db-path = "~/.cargo/advisory-db" |
32 | | -# The url of the advisory database to use |
33 | | -db-urls = ["https://github.com/rustsec/advisory-db"] |
34 | | -# The lint level for security vulnerabilities |
35 | | -vulnerability = "deny" |
36 | | -# The lint level for unmaintained crates |
37 | | -unmaintained = "warn" |
38 | | -# The lint level for crates with security notices. Note that as of |
39 | | -# 2019-12-17 there are no security notice advisories in https://github.com/rustsec/advisory-db |
40 | | -notice = "warn" |
41 | | -# A list of advisory IDs to ignore. Note that ignored advisories will still output |
42 | | -# a note when they are encountered. |
43 | | -ignore = [] |
44 | | -# Threshold for security vulnerabilities, any vulnerability with a CVSS score |
45 | | -# lower than the range specified will be ignored. Note that ignored advisories |
46 | | -# will still output a note when they are encountered. |
47 | | -# * None - CVSS Score 0.0 |
48 | | -# * Low - CVSS Score 0.1 - 3.9 |
49 | | -# * Medium - CVSS Score 4.0 - 6.9 |
50 | | -# * High - CVSS Score 7.0 - 8.9 |
51 | | -# * Critical - CVSS Score 9.0 - 10.0 |
52 | | -#severity-threshold = |
53 | | - |
54 | 1 | # This section is considered when running `cargo deny check licenses` |
55 | 2 | # More documentation for the licenses section can be found here: |
56 | | -# https://github.com/EmbarkStudios/cargo-deny#the-licenses-section |
| 3 | +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html |
57 | 4 | [licenses] |
58 | | -# The lint level for crates which do not have a detectable license |
59 | | -unlicensed = "deny" |
60 | | -# List of explictly allowed licenses |
61 | | -# See https://spdx.org/licenses/ for list of possible licenses |
62 | | -# [possible values: any SPDX 3.7 short identifier (+ optional exception)]. |
63 | | -allow = ["Apache-2.0", "MIT", "Unicode-DFS-2016", "Unicode-3.0"] |
64 | | -# List of explictly disallowed licenses |
| 5 | +# List of explicitly allowed licenses |
65 | 6 | # See https://spdx.org/licenses/ for list of possible licenses |
66 | | -# [possible values: any SPDX 3.7 short identifier (+ optional exception)]. |
67 | | -deny = [] |
68 | | -# The lint level for licenses considered copyleft |
69 | | -copyleft = "warn" |
70 | | -# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses |
71 | | -# * both - The license will only be approved if it is both OSI-approved *AND* FSF/Free |
72 | | -# * either - The license will be approved if it is either OSI-approved *OR* FSF/Free |
73 | | -# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF/Free |
74 | | -# * fsf-only - The license will be approved if is FSF/Free *AND NOT* OSI-approved |
75 | | -# * neither - The license will be denied if is FSF/Free *OR* OSI-approved |
76 | | -allow-osi-fsf-free = "neither" |
77 | | -# The confidence threshold for detecting a license from license text. |
78 | | -# The higher the value, the more closely the license text must be to the |
79 | | -# canonical license text of a valid SPDX license file. |
80 | | -# [possible values: any between 0.0 and 1.0]. |
81 | | -confidence-threshold = 0.8 |
82 | | - |
83 | | -# This section is considered when running `cargo deny check bans`. |
84 | | -# More documentation about the 'bans' section can be found here: |
85 | | -# https://github.com/EmbarkStudios/cargo-deny#crate-bans-cargo-deny-check-ban |
86 | | -[bans] |
87 | | -# Lint level for when multiple versions of the same crate are detected |
88 | | -multiple-versions = "warn" |
89 | | -# The graph highlighting used when creating dotgraphs for crates |
90 | | -# with multiple versions |
91 | | -# * lowest-version - The path to the lowest versioned duplicate is highlighted |
92 | | -# * simplest-path - The path to the version with the fewest edges is highlighted |
93 | | -# * all - Both lowest-version and simplest-path are used |
94 | | -highlight = "all" |
95 | | -# List of crates that are allowed. Use with care! |
| 7 | +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. |
96 | 8 | allow = [ |
97 | | - #{ name = "ansi_term", version = "=0.11.0" }, |
98 | | -] |
99 | | -# List of crates to deny |
100 | | -deny = [ |
101 | | - # Each entry the name of a crate and a version range. If version is |
102 | | - # not specified, all versions will be matched. |
103 | | - #{ name = "ansi_term", version = "=0.11.0" }, |
104 | | -] |
105 | | -# Certain crates/versions that will be skipped when doing duplicate detection. |
106 | | -skip = [ |
107 | | - #{ name = "ansi_term", version = "=0.11.0" }, |
108 | | -] |
109 | | -# Similarly to `skip` allows you to skip certain crates during duplicate detection, |
110 | | -# unlike skip, it also includes the entire tree of transitive dependencies starting at |
111 | | -# the specified crate, up to a certain depth, which is by default infinite |
112 | | -skip-tree = [ |
113 | | - #{ name = "ansi_term", version = "=0.11.0", depth = 20 }, |
| 9 | + "Apache-2.0", |
| 10 | + "MIT", |
| 11 | + "Unicode-3.0", |
114 | 12 | ] |
115 | | - |
116 | | - |
117 | | -# This section is considered when running `cargo deny check sources`. |
118 | | -# More documentation about the 'sources' section can be found here: |
119 | | -# https://github.com/EmbarkStudios/cargo-deny#crate-sources-cargo-deny-check-sources |
120 | | -[sources] |
121 | | -# Lint level for what to happen when a crate from a crate registry that is not in the allow list is encountered |
122 | | -unknown-registry = "warn" |
123 | | -# Lint level for what to happen when a crate from a git repository that is not in the allow list is encountered |
124 | | -unknown-git = "warn" |
125 | | -# List of URLs for allowed crate registries, by default https://github.com/rust-lang/crates.io-index is included |
126 | | -#allow-registry = [] |
127 | | -# List of URLs for allowed Git repositories |
128 | | -allow-git = [] |
0 commit comments