 1  # https://embarkstudios.github.io/cargo-deny/
 2  
 3  targets = [
 4      { triple = "aarch64-apple-darwin" },
 5      { triple = "aarch64-linux-android" },
 6      { triple = "x86_64-apple-darwin" },
 7      { triple = "x86_64-pc-windows-msvc" },
 8      { triple = "x86_64-unknown-linux-gnu" },
 9      { triple = "x86_64-unknown-linux-musl" },
10  ]
[advisories]
# Known vulnerabilities and yanked versions fail the check;
# unmaintained crates only produce a warning.
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
# Advisories that are accepted for now. Each ID listed here is no longer
# reported, so review the list whenever the affected dependency is
# upgraded or replaced.
ignore = [
    # chrono/time: Potential segfault in the time crate
    # https://rustsec.org/advisories/RUSTSEC-2020-0071
    "RUSTSEC-2020-0071",
    # chrono/time: Potential segfault in localtime_r invocations
    # https://rustsec.org/advisories/RUSTSEC-2020-0159
    "RUSTSEC-2020-0159",
    # xcb - is being worked on: https://github.com/rust-x-bindings/rust-xcb/issues/107
    # https://rustsec.org/advisories/RUSTSEC-2021-0019
    "RUSTSEC-2021-0019",
]
[bans]
multiple-versions = "deny"
# Wildcard version requirements stay allowed, at least until
# https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed.
wildcards = "allow"
# Prefer rustls over the OpenSSL bindings.
deny = [
    { name = "openssl" },
    { name = "openssl-sys" },
]

# Exemptions from the multiple-versions check. No version is given, so
# every version of these crates is exempt and a newly introduced duplicate
# of one of them will not be reported.
skip = [
    { name = "ahash" }, # old version via dark-light
    { name = "arrayvec" }, # old version via tiny-skia
    { name = "hashbrown" }, # old version via dark-light
    { name = "time" }, # old version pulled in by unmaintained crate 'chrono'
    { name = "ttf-parser" }, # different versions pulled in by ab_glyph and usvg
]
# As `skip`, but the exemption also covers the dependency tree below each crate.
skip-tree = [
    { name = "criterion" }, # dev-dependency
    { name = "glium" }, # legacy crate, lots of old dependencies
    { name = "glutin" }, # legacy crate, lots of old dependencies
]
[licenses]
# Licenses are admitted through the explicit `allow` list below;
# OSI or FSF approval on its own does not admit a license.
unlicensed = "deny"
allow-osi-fsf-free = "neither"
# We want really high confidence when inferring licenses from text.
confidence-threshold = 0.92
copyleft = "deny"
allow = [
    "Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html
    "Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
    "BSD-2-Clause", # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
    "BSD-3-Clause", # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
    "BSL-1.0", # https://tldrlegal.com/license/boost-software-license-1.0-explained
    "CC0-1.0", # https://creativecommons.org/publicdomain/zero/1.0/
    "ISC", # https://tldrlegal.com/license/-isc-license
    "MIT", # https://tldrlegal.com/license/mit-license
    "MPL-2.0", # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11
    "OpenSSL", # https://www.openssl.org/source/license.html
    "Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
]
# Manual license clarification for webpki. The hash ties it to the current
# text of the crate's LICENSE file; once that file changes the hash no
# longer matches and the expression has to be checked again.
[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
# Manual license clarification for ring. The hash ties it to the current
# text of the crate's LICENSE file; once that file changes the hash no
# longer matches and the expression has to be checked again.
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]