# cargo-deny policy: advisories, banned crates, licenses and crate sources.

[advisories]
# Each entry silences one RustSec advisory by ID for the whole dependency
# graph, not only for the path described in its justification. Re-check the
# justification whenever the dependency tree changes.
ignore = [
    # generic-array v0.12.3 allowed unsoundly extending lifetimes, but it is
    # used only on build-dependencies by pest_meta.
    "RUSTSEC-2020-0146",
]

[bans]
# Duplicate versions of a crate are reported, but do not fail the check.
multiple-versions = "warn"
deny = [
    # color-backtrace is nice, but it brings in too many dependencies that are
    # often outdated, so it is not worth it for us.
    { name = "color-backtrace" },
    # Deprecated.
    { name = "quickersort" },
    # term is not fully maintained, and termcolor is replacing it.
    { name = "term" },
]
# Crates listed here, together with their dependency subtrees, are left out of
# the duplicate-version check above.
skip-tree = [
    { name = "winapi", version = "<= 0.3" },
]

[licenses]
# A crate with no detectable license fails the check.
unlicensed = "deny"
# We want really high confidence when inferring licenses from text.
confidence-threshold = 0.92
# Only these SPDX identifiers are accepted.
allow = [
    "AGPL-3.0",
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "CC0-1.0",
    "ISC",
    "MIT",
    "MPL-2.0",
    "OpenSSL",
    "Zlib",
]

[[licenses.clarify]]
name = "ring"
# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses:
# https://spdx.org/licenses/OpenSSL.html
# ISC - Both BoringSSL and ring use this for their new files.
# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
# license, for third_party/fiat, which, unlike other third_party directories, is
# compiled into non-test libraries, is included below."
# OpenSSL - Obviously.
expression = "ISC AND MIT AND OpenSSL"
# The hash ties this clarification to one exact LICENSE text. If ring's LICENSE
# changes, review the new text before updating the hash.
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 },
]

[sources]
# Crates from a registry or git repository that is not explicitly allowed fail
# the check; this file lists no additional allowed registries or git sources.
unknown-registry = "deny"
unknown-git = "deny"