You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

275 lines
12 KiB

3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
  1. # This template contains all of the possible sections and their default values
  2. # Note that all fields that take a lint level have these possible values:
  3. # * deny - An error will be produced and the check will fail
  4. # * warn - A warning will be produced, but the check will not fail
  5. # * allow - No warning or error will be produced, though in some cases a note
  6. # will be
  7. # The values provided in this template are the default values that will be used
  8. # when any section or field is not specified in your own configuration
  9. # Root options
  10. # If 1 or more target triples (and optionally, target_features) are specified,
  11. # only the specified targets will be checked when running `cargo deny check`.
  12. # This means, if a particular package is only ever used as a target specific
  13. # dependency, such as, for example, the `nix` crate only being used via the
  14. # `target_family = "unix"` configuration, that only having windows targets in
  15. # this list would mean the nix crate, as well as any of its exclusive
  16. # dependencies not shared by any other crates, would be ignored, as the target
  17. # list here is effectively saying which targets you are building for.
  18. targets = [
  19. # The triple can be any string, but only the target triples built in to
  20. # rustc (as of 1.40) can be checked against actual config expressions
  21. #{ triple = "x86_64-unknown-linux-musl" },
  22. # You can also specify which target_features you promise are enabled for a
  23. # particular target. target_features are currently not validated against
  24. # the actual valid features supported by the target architecture.
  25. #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
  26. { triple = "x86_64-unknown-linux-gnu" },
  27. { triple = "aarch64-unknown-linux-gnu" },
  28. { triple = "x86_64-unknown-linux-musl" },
  29. { triple = "aarch64-apple-darwin" },
  30. { triple = "x86_64-apple-darwin" },
  31. ]
  32. # When creating the dependency graph used as the source of truth when checks are
  33. # executed, this field can be used to prune crates from the graph, removing them
  34. # from the view of cargo-deny. This is an extremely heavy hammer, as if a crate
  35. # is pruned from the graph, all of its dependencies will also be pruned unless
  36. # they are connected to another crate in the graph that hasn't been pruned,
  37. # so it should be used with care. The identifiers are [Package ID Specifications]
  38. # (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html)
  39. #exclude = []
  40. # If true, metadata will be collected with `--all-features`. Note that this can't
  41. # be toggled off if true, if you want to conditionally enable `--all-features` it
  42. # is recommended to pass `--all-features` on the cmd line instead
  43. all-features = true
  44. # If true, metadata will be collected with `--no-default-features`. The same
  45. # caveat with `all-features` applies
  46. no-default-features = false
  47. # If set, these feature will be enabled when collecting metadata. If `--features`
  48. # is specified on the cmd line they will take precedence over this option.
  49. #features = []
  50. # When outputting inclusion graphs in diagnostics that include features, this
  51. # option can be used to specify the depth at which feature edges will be added.
  52. # This option is included since the graphs can be quite large and the addition
  53. # of features from the crate(s) to all of the graph roots can be far too verbose.
  54. # This option can be overridden via `--feature-depth` on the cmd line
  55. feature-depth = 1
  56. # This section is considered when running `cargo deny check advisories`
  57. # More documentation for the advisories section can be found here:
  58. # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
  59. [advisories]
  60. # The path where the advisory database is cloned/fetched into
  61. db-path = "~/.cargo/advisory-db"
  62. # The url(s) of the advisory databases to use
  63. db-urls = ["https://github.com/rustsec/advisory-db"]
  64. # The lint level for security vulnerabilities
  65. vulnerability = "deny"
  66. # The lint level for unmaintained crates
  67. unmaintained = "warn"
  68. # The lint level for crates that have been yanked from their source registry
  69. yanked = "warn"
  70. # The lint level for crates with security notices. Note that as of
  71. # 2019-12-17 there are no security notice advisories in
  72. # https://github.com/rustsec/advisory-db
  73. notice = "warn"
  74. # A list of advisory IDs to ignore. Note that ignored advisories will still
  75. # output a note when they are encountered.
  76. ignore = [
  77. #"RUSTSEC-0000-0000",
  78. ]
  79. # Threshold for security vulnerabilities, any vulnerability with a CVSS score
  80. # lower than the range specified will be ignored. Note that ignored advisories
  81. # will still output a note when they are encountered.
  82. # * None - CVSS Score 0.0
  83. # * Low - CVSS Score 0.1 - 3.9
  84. # * Medium - CVSS Score 4.0 - 6.9
  85. # * High - CVSS Score 7.0 - 8.9
  86. # * Critical - CVSS Score 9.0 - 10.0
  87. #severity-threshold =
  88. # If this is true, then cargo deny will use the git executable to fetch advisory database.
  89. # If this is false, then it uses a built-in git library.
  90. # Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
  91. # See Git Authentication for more information about setting up git authentication.
  92. #git-fetch-with-cli = true
  93. # This section is considered when running `cargo deny check licenses`
  94. # More documentation for the licenses section can be found here:
  95. # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
  96. [licenses]
  97. # The lint level for crates which do not have a detectable license
  98. unlicensed = "deny"
  99. # List of explicitly allowed licenses
  100. # See https://spdx.org/licenses/ for list of possible licenses
  101. # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
  102. allow = [
  103. "Apache-2.0",
  104. "BSD-3-Clause",
  105. "MIT",
  106. "Unicode-DFS-2016",
  107. ]
  108. # List of explicitly disallowed licenses
  109. # See https://spdx.org/licenses/ for list of possible licenses
  110. # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
  111. deny = [
  112. #"Nokia",
  113. ]
  114. # Lint level for licenses considered copyleft
  115. copyleft = "warn"
  116. # Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
  117. # * both - The license will be approved if it is both OSI-approved *AND* FSF
  118. # * either - The license will be approved if it is either OSI-approved *OR* FSF
  119. # * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
  120. # * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
  121. # * neither - This predicate is ignored and the default lint level is used
  122. allow-osi-fsf-free = "neither"
  123. # Lint level used when no other predicates are matched
  124. # 1. License isn't in the allow or deny lists
  125. # 2. License isn't copyleft
  126. # 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
  127. default = "deny"
  128. # The confidence threshold for detecting a license from license text.
  129. # The higher the value, the more closely the license text must be to the
  130. # canonical license text of a valid SPDX license file.
  131. # [possible values: any between 0.0 and 1.0].
  132. confidence-threshold = 0.8
  133. # Allow 1 or more licenses on a per-crate basis, so that particular licenses
  134. # aren't accepted for every possible crate as with the normal allow list
  135. exceptions = [
  136. # Each entry is the crate and version constraint, and its specific allow
  137. # list
  138. #{ allow = ["Zlib"], name = "adler32", version = "*" },
  139. ]
  140. # Some crates don't have (easily) machine readable licensing information,
  141. # adding a clarification entry for it allows you to manually specify the
  142. # licensing information
  143. #[[licenses.clarify]]
  144. # The name of the crate the clarification applies to
  145. #name = "ring"
  146. # The optional version constraint for the crate
  147. #version = "*"
  148. # The SPDX expression for the license requirements of the crate
  149. #expression = "MIT AND ISC AND OpenSSL"
  150. # One or more files in the crate's source used as the "source of truth" for
  151. # the license expression. If the contents match, the clarification will be used
  152. # when running the license check, otherwise the clarification will be ignored
  153. # and the crate will be checked normally, which may produce warnings or errors
  154. # depending on the rest of your configuration
  155. #license-files = [
  156. # Each entry is a crate relative path, and the (opaque) hash of its contents
  157. #{ path = "LICENSE", hash = 0xbd0eed23 }
  158. #]
  159. [licenses.private]
  160. # If true, ignores workspace crates that aren't published, or are only
  161. # published to private registries.
  162. # To see how to mark a crate as unpublished (to the official registry),
  163. # visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
  164. ignore = false
  165. # One or more private registries that you might publish crates to, if a crate
  166. # is only published to private registries, and ignore is true, the crate will
  167. # not have its license(s) checked
  168. registries = [
  169. #"https://sekretz.com/registry
  170. ]
  171. # This section is considered when running `cargo deny check bans`.
  172. # More documentation about the 'bans' section can be found here:
  173. # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
  174. [bans]
  175. # Lint level for when multiple versions of the same crate are detected
  176. multiple-versions = "warn"
  177. # Lint level for when a crate version requirement is `*`
  178. wildcards = "allow"
  179. # The graph highlighting used when creating dotgraphs for crates
  180. # with multiple versions
  181. # * lowest-version - The path to the lowest versioned duplicate is highlighted
  182. # * simplest-path - The path to the version with the fewest edges is highlighted
  183. # * all - Both lowest-version and simplest-path are used
  184. highlight = "all"
  185. # The default lint level for `default` features for crates that are members of
  186. # the workspace that is being checked. This can be overriden by allowing/denying
  187. # `default` on a crate-by-crate basis if desired.
  188. workspace-default-features = "allow"
  189. # The default lint level for `default` features for external crates that are not
  190. # members of the workspace. This can be overriden by allowing/denying `default`
  191. # on a crate-by-crate basis if desired.
  192. external-default-features = "allow"
  193. # List of crates that are allowed. Use with care!
  194. allow = [
  195. #{ name = "ansi_term", version = "=0.11.0" },
  196. ]
  197. # List of crates to deny
  198. deny = [
  199. # Each entry the name of a crate and a version range. If version is
  200. # not specified, all versions will be matched.
  201. #{ name = "ansi_term", version = "=0.11.0" },
  202. #
  203. # Wrapper crates can optionally be specified to allow the crate when it
  204. # is a direct dependency of the otherwise banned crate
  205. #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
  206. ]
  207. # List of features to allow/deny
  208. # Each entry the name of a crate and a version range. If version is
  209. # not specified, all versions will be matched.
  210. #[[bans.features]]
  211. #name = "reqwest"
  212. # Features to not allow
  213. #deny = ["json"]
  214. # Features to allow
  215. #allow = [
  216. # "rustls",
  217. # "__rustls",
  218. # "__tls",
  219. # "hyper-rustls",
  220. # "rustls",
  221. # "rustls-pemfile",
  222. # "rustls-tls-webpki-roots",
  223. # "tokio-rustls",
  224. # "webpki-roots",
  225. #]
  226. # If true, the allowed features must exactly match the enabled feature set. If
  227. # this is set there is no point setting `deny`
  228. #exact = true
  229. # Certain crates/versions that will be skipped when doing duplicate detection.
  230. skip = [
  231. #{ name = "ansi_term", version = "=0.11.0" },
  232. ]
  233. # Similarly to `skip` allows you to skip certain crates during duplicate
  234. # detection. Unlike skip, it also includes the entire tree of transitive
  235. # dependencies starting at the specified crate, up to a certain depth, which is
  236. # by default infinite.
  237. skip-tree = [
  238. #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
  239. ]
  240. # This section is considered when running `cargo deny check sources`.
  241. # More documentation about the 'sources' section can be found here:
  242. # https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
  243. [sources]
  244. # Lint level for what to happen when a crate from a crate registry that is not
  245. # in the allow list is encountered
  246. unknown-registry = "warn"
  247. # Lint level for what to happen when a crate from a git repository that is not
  248. # in the allow list is encountered
  249. unknown-git = "warn"
  250. # List of URLs for allowed crate registries. Defaults to the crates.io index
  251. # if not specified. If it is specified but empty, no registries are allowed.
  252. allow-registry = ["https://github.com/rust-lang/crates.io-index"]
  253. # List of URLs for allowed Git repositories
  254. allow-git = []
  255. [sources.allow-org]
  256. # 1 or more github.com organizations to allow git sources for
  257. #github = [""]
  258. # 1 or more gitlab.com organizations to allow git sources for
  259. #gitlab = [""]
  260. # 1 or more bitbucket.org organizations to allow git sources for
  261. #bitbucket = [""]