fix: update deny.toml to current cargo-deny format

joshrotenberg · joshrotenberg · commit f202a71bbd3f · 2025-08-27T20:14:42.000-07:00
The deny.toml format has changed in newer versions. Removed deprecated
keys and updated to current syntax.
diff --git a/deny.toml b/deny.toml
@@ -1,13 +1,8 @@
-# This template contains all of the possible sections and their default values
-# More detailed descriptions of each section can be found here:
-# https://embarkstudios.github.io/cargo-deny/checks/index.html
+# cargo-deny configuration
+# More info: https://embarkstudios.github.io/cargo-deny/
 
 [graph]
-# When creating the dependency graph used as the source of truth when checks are
-# executed, this field can be used to prune crates from the graph, removing them
-# from the view of cargo-deny
 targets = [
-    # Targets supported by the project
     { triple = "x86_64-unknown-linux-gnu" },
     { triple = "aarch64-unknown-linux-gnu" },
     { triple = "x86_64-apple-darwin" },
@@ -16,19 +11,12 @@ targets = [
 ]
 
 [advisories]
-# The path where the advisory databases are cloned/fetched into
 db-path = "~/.cargo/advisory-db"
-# The url(s) of the advisory databases to use
 db-urls = ["https://github.com/rustsec/advisory-db"]
-# A list of advisory IDs to ignore. Note that ignored advisories will still output a
-# note when they are encountered
-ignore = [
-    #"RUSTSEC-0000-0000",
-    #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
-]
+ignore = []
 
 [licenses]
-# Allow only these licenses
+# List of allowed licenses
 allow = [
     "MIT",
     "Apache-2.0",
@@ -42,67 +30,29 @@ allow = [
     "Unlicense",
 ]
 
-# List of explicitly disallowed licenses
-deny = [
-    "GPL-2.0",
-    "GPL-3.0",
-    "AGPL-3.0",
-    "LGPL-2.0",
-    "LGPL-2.1",
-    "LGPL-3.0",
-]
-
-# Confidence threshold for detecting a license from license text.
 confidence-threshold = 0.8
 
-# Allow licenses that cannot be determined
-allow-osi-fsf-free = "both"
-
-# Clarify dual-licensed crates
 [[licenses.clarify]]
 crate = "ring"
-# The SPDX expression for the license requirements of the crate
 expression = "MIT AND ISC AND OpenSSL"
-# One or more files in the crate's source used as the "source of truth" for
-# the license expression
 license-files = [
     { path = "LICENSE", hash = 0xbd0eed23 },
 ]
 
 [bans]
-# Lint level for when multiple versions of the same crate are detected
 multiple-versions = "warn"
-# Allow wildcard dependencies only for private/path dependencies
 wildcards = "warn"
-# Allow git dependencies
 allow-wildcard-paths = false
-# Highlight specific duplicate versions
 highlight = "all"
-# List of explicitly disallowed crates
-deny = [
-    # Each entry can be just a crate name
-    #{ crate = "ansi_term", use-instead = "yansi" },
-]
+deny = []
 
-# Skip certain crates when checking for duplicates
 skip = [
-    # Windows-only crates on Unix will naturally be duplicated
     { crate = "windows-sys" },
     { crate = "windows-targets" },
-    { crate = "windows_*" },
-]
-
-# Similarly named crates that are allowed to coexist
-allow = [
-    #{ crate = "num-traits", version = "0.1" },
 ]
 
 [sources]
-# Lint level for what to happen when a crate from a crate registry that is not in the allow list is detected
 unknown-registry = "warn"
-# Lint level for what to happen when a crate from a git repository that is not in the allow list is detected
 unknown-git = "warn"
-# List of allowed crate registries
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
-# List of allowed Git repositories
 allow-git = []
