| # This template contains all of the possible sections and their default values | |
| # Note that all fields that take a lint level have these possible values: | |
| # * deny - An error will be produced and the check will fail | |
| # * warn - A warning will be produced, but the check will not fail | |
| # * allow - No warning or error will be produced, though in some cases a note | |
| # will be | |
| # The values provided in this template are the default values that will be used | |
| # when any section or field is not specified in your own configuration | |
| [graph] | |
| # If 1 or more target triples (and optionally, target_features) are specified, | |
| # only the specified targets will be checked when running `cargo deny check`. | |
| # This means, if a particular package is only ever used as a target specific | |
| # dependency, such as, for example, the `nix` crate only being used via the | |
| # `target_family = "unix"` configuration, that only having windows targets in | |
| # this list would mean the nix crate, as well as any of its exclusive | |
| # dependencies not shared by any other crates, would be ignored, as the target | |
| # list here is effectively saying which targets you are building for. | |
| targets = [ | |
| # The triple can be any string, but only the target triples built in to | |
| # rustc (as of 1.40) can be checked against actual config expressions | |
| #{ triple = "x86_64-unknown-linux-musl" }, | |
| # You can also specify which target_features you promise are enabled for a | |
| # particular target. target_features are currently not validated against | |
| # the actual valid features supported by the target architecture. | |
| #{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, | |
| ] | |
| # Tauri produces too many nonsense warnings. | |
| exclude = ["tauri", "tauri-build"] | |
| # This section is considered when running `cargo deny check advisories` | |
| # More documentation for the advisories section can be found here: | |
| # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html | |
| [advisories] | |
| # The path where the advisory database is cloned/fetched into | |
| db-path = "~/.cargo/advisory-db" | |
| # The url(s) of the advisory databases to use | |
| db-urls = ["https://github.com/rustsec/advisory-db"] | |
| # A list of advisory IDs to ignore. Note that ignored advisories will still | |
| # output a note when they are encountered. | |
| ignore = [ | |
| "RUSTSEC-2024-0370", # Unmaintained but still fully functional crate `proc-macro-error` | |
| "RUSTSEC-2024-0388", # Unmaintained but still fully functional crate `derivative` | |
| "RUSTSEC-2025-0007", # Unmaintained but still fully functional crate `ring` | |
| "RUSTSEC-2024-0436", # Unmaintained but still fully functional crate `paste` | |
| "RUSTSEC-2025-0014", # Unmaintained but still fully functional crate `humantime` | |
| ] | |
| # Threshold for security vulnerabilities, any vulnerability with a CVSS score | |
| # lower than the range specified will be ignored. Note that ignored advisories | |
| # will still output a note when they are encountered. | |
| # * None - CVSS Score 0.0 | |
| # * Low - CVSS Score 0.1 - 3.9 | |
| # * Medium - CVSS Score 4.0 - 6.9 | |
| # * High - CVSS Score 7.0 - 8.9 | |
| # * Critical - CVSS Score 9.0 - 10.0 | |
| #severity-threshold = | |
| # This section is considered when running `cargo deny check licenses` | |
| # More documentation for the licenses section can be found here: | |
| # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html | |
| [licenses] | |
| # List of explicitly allowed licenses | |
| # See https://spdx.org/licenses/ for list of possible licenses | |
| # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. | |
| # | |
| # Keep this list in sync with those in `/about.toml` and `/frontend/vite.config.ts`. | |
| allow = [ | |
| "Apache-2.0 WITH LLVM-exception", | |
| "Apache-2.0", | |
| "BSD-2-Clause", | |
| "BSD-3-Clause", | |
| "BSL-1.0", | |
| "CC0-1.0", | |
| "ISC", | |
| "MIT", | |
| "MPL-2.0", | |
| "OpenSSL", | |
| "Unicode-3.0", | |
| "Zlib", | |
| "NCSA", | |
| ] | |
| # The confidence threshold for detecting a license from license text. | |
| # The higher the value, the more closely the license text must be to the | |
| # canonical license text of a valid SPDX license file. | |
| # [possible values: any between 0.0 and 1.0]. | |
| confidence-threshold = 0.8 | |
| # Allow 1 or more licenses on a per-crate basis, so that particular licenses | |
| # aren't accepted for every possible crate as with the normal allow list | |
| exceptions = [ | |
| # Each entry is the crate and version constraint, and its specific allow | |
| # list | |
| #{ allow = ["Zlib"], name = "adler32", version = "*" }, | |
| ] | |
| # Some crates don't have (easily) machine readable licensing information, | |
| # adding a clarification entry for it allows you to manually specify the | |
| # licensing information | |
| [[licenses.clarify]] | |
| # The name of the crate the clarification applies to | |
| name = "ring" | |
| # The optional version constraint for the crate | |
| #version = "*" | |
| # The SPDX expression for the license requirements of the crate | |
| expression = "MIT AND ISC AND OpenSSL" | |
| # One or more files in the crate's source used as the "source of truth" for | |
| # the license expression. If the contents match, the clarification will be used | |
| # when running the license check, otherwise the clarification will be ignored | |
| # and the crate will be checked normally, which may produce warnings or errors | |
| # depending on the rest of your configuration | |
| license-files = [ | |
| # Each entry is a crate relative path, and the (opaque) hash of its contents | |
| { path = "LICENSE", hash = 0xbd0eed23 }, | |
| ] | |
| [licenses.private] | |
| # If true, ignores workspace crates that aren't published, or are only | |
| # published to private registries | |
| ignore = false | |
| # One or more private registries that you might publish crates to, if a crate | |
| # is only published to private registries, and ignore is true, the crate will | |
| # not have its license(s) checked | |
| registries = [ | |
| #"https://sekretz.com/registry | |
| ] | |
| # This section is considered when running `cargo deny check bans`. | |
| # More documentation about the 'bans' section can be found here: | |
| # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html | |
| [bans] | |
| # Lint level for when multiple versions of the same crate are detected | |
| multiple-versions = "allow" | |
| # Lint level for when a crate version requirement is `*` | |
| wildcards = "allow" | |
| # The graph highlighting used when creating dotgraphs for crates | |
| # with multiple versions | |
| # * lowest-version - The path to the lowest versioned duplicate is highlighted | |
| # * simplest-path - The path to the version with the fewest edges is highlighted | |
| # * all - Both lowest-version and simplest-path are used | |
| highlight = "all" | |
| # List of crates that are allowed. Use with care! | |
| allow = [ | |
| #{ name = "ansi_term", version = "=0.11.0" }, | |
| ] | |
| # List of crates to deny | |
| deny = [ | |
| # Each entry the name of a crate and a version range. If version is | |
| # not specified, all versions will be matched. | |
| #{ name = "ansi_term", version = "=0.11.0" }, | |
| # | |
| # Wrapper crates can optionally be specified to allow the crate when it | |
| # is a direct dependency of the otherwise banned crate | |
| #{ name = "ansi_term", version = "=0.11.0", wrappers = [] }, | |
| ] | |
| # Certain crates/versions that will be skipped when doing duplicate detection. | |
| skip = [ | |
| #{ name = "ansi_term", version = "=0.11.0" }, | |
| #{ name = "cfg-if", version = "=0.1.10" }, | |
| ] | |
| # Similarly to `skip` allows you to skip certain crates during duplicate | |
| # detection. Unlike skip, it also includes the entire tree of transitive | |
| # dependencies starting at the specified crate, up to a certain depth, which is | |
| # by default infinite | |
| skip-tree = [ | |
| #{ name = "ansi_term", version = "=0.11.0", depth = 20 }, | |
| ] | |
| # This section is considered when running `cargo deny check sources`. | |
| # More documentation about the 'sources' section can be found here: | |
| # https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html | |
| [sources] | |
| # Lint level for what to happen when a crate from a crate registry that is not | |
| # in the allow list is encountered | |
| unknown-registry = "warn" | |
| # Lint level for what to happen when a crate from a git repository that is not | |
| # in the allow list is encountered | |
| unknown-git = "warn" | |
| # List of URLs for allowed crate registries. Defaults to the crates.io index | |
| # if not specified. If it is specified but empty, no registries are allowed. | |
| allow-registry = ["https://github.com/rust-lang/crates.io-index"] | |
| # List of URLs for allowed Git repositories | |
| allow-git = [] | |
| [sources.allow-org] | |
| # 1 or more github.com organizations to allow git sources for | |
| github = ["linebender", "Rust-GPU", "specta-rs"] | |
| # 1 or more gitlab.com organizations to allow git sources for | |
| #gitlab = [""] | |
| # 1 or more bitbucket.org organizations to allow git sources for | |
| #bitbucket = [""] | |