-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathdeny.toml
More file actions
111 lines (98 loc) · 4.45 KB
/
deny.toml
File metadata and controls
111 lines (98 loc) · 4.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Copied from https://github.com/rerun-io/rerun_template
#
# https://github.com/EmbarkStudios/cargo-deny
#
# cargo-deny checks our dependency tree for copy-left licenses,
# duplicate dependencies, and rustsec advisories (https://rustsec.org/advisories).
#
# Install: `cargo install cargo-deny`
# Check: `cargo deny check`.
# Note: running just `cargo deny check` without a `--target` can result in
# false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
[graph]
targets = [
{ triple = "aarch64-apple-darwin" },
{ triple = "i686-pc-windows-gnu" },
{ triple = "i686-pc-windows-msvc" },
{ triple = "i686-unknown-linux-gnu" },
{ triple = "wasm32-unknown-unknown" },
{ triple = "x86_64-apple-darwin" },
{ triple = "x86_64-pc-windows-gnu" },
{ triple = "x86_64-pc-windows-msvc" },
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "x86_64-unknown-linux-musl" },
{ triple = "x86_64-unknown-redox" },
]
all-features = true
[advisories]
version = 2
ignore = [
"RUSTSEC-2024-0320", # unmaintained yaml-rust pulled in by syntect
"RUSTSEC-2024-0436", # unmaintained paste pulled via metal/wgpu, see https://github.com/gfx-rs/metal-rs/issues/349
"RUSTSEC-2025-0141", # https://rustsec.org/advisories/RUSTSEC-2025-0141 - bincode is unmaintained - https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
]
[bans]
multiple-versions = "deny" # Use `cargo tree --duplicates` to easily find duplicates
wildcards = "deny"
deny = [
{ name = "cmake", reason = "It has hurt me too much" },
{ name = "openssl-sys", reason = "Use rustls" },
{ name = "openssl", reason = "Use rustls" },
]
skip = [
{ name = "bit-set" }, # wgpu's naga depends on 0.8, syntect's (used by egui_extras) fancy-regex depends on 0.5
{ name = "bit-vec" }, # dependency of bit-set in turn, different between 0.6 and 0.5
{ name = "bitflags" }, # old 1.0 version via glutin, png, spirv, …
{ name = "core-foundation" }, # version conflict between winit and wgpu ecosystems
{ name = "core-graphics-types" }, # version conflict between winit and wgpu ecosystems
{ name = "getrandom" }, # ring / rustls (and thus ehttp) still depend on getrandom 0.2
{ name = "kurbo" }, # Old version because of resvg
{ name = "redox_syscall" }, # old version via winit
{ name = "rustc-hash" }, # Small enough
{ name = "thiserror" }, # ecosystem is in the process of migrating from 1.x to 2.x
{ name = "thiserror-impl" }, # same as above
{ name = "toml_datetime" }, # required while eco-system updates to toml 1.0
{ name = "windows-sys" }, # mostly hopeless to avoid
]
skip-tree = [
{ name = "hashbrown" }, # wgpu's naga depends on 0.16, accesskit depends on 0.15
{ name = "rfd" }, # example dependency
{ name = "windows" }, # the ecosystem is currently transitioning from 0.58 to 0.61
]
[licenses]
version = 2
private = { ignore = true }
confidence-threshold = 0.93 # We want really high confidence when inferring licenses from text
allow = [
"Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html
"Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
"BSD-2-Clause", # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
"BSD-3-Clause", # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
"BSL-1.0", # https://tldrlegal.com/license/boost-software-license-1.0-explained
"CC0-1.0", # https://creativecommons.org/publicdomain/zero/1.0/
"ISC", # https://www.tldrlegal.com/license/isc-license
"MIT-0", # https://choosealicense.com/licenses/mit-0/
"MIT", # https://tldrlegal.com/license/mit-license
"MPL-2.0", # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11. Used by webpki-roots on Linux.
"OFL-1.1", # https://spdx.org/licenses/OFL-1.1.html
"OpenSSL", # https://www.openssl.org/source/license.html - used on Linux
"Ubuntu-font-1.0", # https://ubuntu.com/legal/font-licence
"Unicode-3.0", # https://www.unicode.org/license.txt
"Unicode-DFS-2016", # https://spdx.org/licenses/Unicode-DFS-2016.html
"Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
]
exceptions = []
[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://github.com/rerun-io/kittest", # TODO(lucasmerlin): remove this once the kittest crate is published"
]