# Cargo dependencies lint configuration

# More information: https://github.com/EmbarkStudios/cargo-deny
# License identifiers: https://spdx.org/licenses/

targets = [
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "aarch64-unknown-linux-gnu" },
    { triple = "x86_64-unknown-linux-musl" },
    { triple = "aarch64-apple-darwin" },
    { triple = "x86_64-apple-darwin" },
    { triple = "x86_64-pc-windows-msvc" },
]

[advisories]
vulnerability = "deny"
notice = "deny"
yanked = "warn"
unmaintained = "warn"

[bans]
multiple-versions = "deny"
wildcards = "deny"
skip = [
    { name = "itertools" }, # fnmatch-regex uses older version
    { name = "syn" }        # 1.0 -> 2.0 transition is still ongoing
]

[licenses]
allow = [
    # These are all OSI-approved and widely used.
    "Apache-2.0",
    "BSD-2-Clause",
    "ISC",
    "MIT",
]
private = { ignore = true }
copyleft = "allow"
allow-osi-fsf-free = "neither"
unlicensed = "deny"
exceptions = [
    # These are less common OSI-approved licenses.
    # We whitelist them explicitly for crates that "everyone" uses.
    { name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
]

[sources]
unknown-registry = "deny"
unknown-git = "deny"