2020-11-11 17:09:28 -08:00
|
|
|
[advisories]
|
2021-12-08 17:34:21 -08:00
|
|
|
# cargo-audit handles these. In the case where we have to temporarily allow
|
|
|
|
|
# some unmaintained/yanked crates, we'll do that in .cargo/audit.toml.
|
|
|
|
|
unmaintained = "allow"
|
|
|
|
|
yanked = "allow"
|
2020-11-11 17:09:28 -08:00
|
|
|
notice = "deny"
|
|
|
|
|
|
|
|
|
|
[licenses]
|
|
|
|
|
allow = [
|
|
|
|
|
"Apache-2.0",
|
|
|
|
|
"ISC",
|
|
|
|
|
"LicenseRef-ring",
|
|
|
|
|
"MIT",
|
2022-10-17 09:10:18 -07:00
|
|
|
"Unicode-DFS-2016",
|
2020-11-11 17:09:28 -08:00
|
|
|
]
|
|
|
|
|
confidence-threshold = 1.0
|
|
|
|
|
|
|
|
|
|
[[licenses.clarify]]
|
|
|
|
|
name = "ring"
|
|
|
|
|
expression = "LicenseRef-ring"
|
|
|
|
|
license-files = [
|
|
|
|
|
{ path = "LICENSE", hash = 0xbd0eed23 },
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
[bans]
|
2020-11-30 10:43:31 -08:00
|
|
|
# We don't maintain a fixed Cargo.lock so enforcing
|
|
|
|
|
# `multiple-versions = "deny"` is impractical.
|
|
|
|
|
multiple-versions = "allow"
|
2020-11-11 17:09:28 -08:00
|
|
|
wildcards = "deny"
|
|
|
|
|
|
|
|
|
|
[sources]
|
|
|
|
|
unknown-registry = "deny"
|
|
|
|
|
unknown-git = "deny"
|
