# Generated by dev-system/ci
# Configuration for cargo-deny
# See: https://embarkstudios.github.io/cargo-deny/

[advisories]
# The path where the advisory database is cloned/fetched into
db-path = "~/.cargo/advisory-db"
# The url(s) of the advisory databases to use
db-urls = ["https://github.com/rustsec/advisory-db"]
# How to handle crates with security vulnerabilities
vulnerability = "deny"
# How to handle unmaintained crates
unmaintained = "warn"
# How to handle crates that have been yanked from crates.io
yanked = "warn"

[licenses]
# The lint level for crates which do not have a detectable license
unlicensed = "deny"
# List of explicitly allowed licenses
allow = [
    "MIT",
    "MIT-0",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-DFS-2016",
]
# List of explicitly disallowed licenses
deny = [
    "GPL-2.0",
    "GPL-3.0",
    "AGPL-3.0",
]
# Lint level for licenses considered copyleft
copyleft = "warn"
# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
allow-osi-fsf-free = "both"
# Lint level used when no other predicates are matched
default = "deny"

[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# Lint level for when an allow-listed crate is detected without an exact version
allow = [
    # Each entry can be just the name and an optional wildcard version.
    # This would ideally be pulled from Cargo.lock deps to keep up to date
    # but that is more complex. It depends on the use case.
]
# Each entry must be a single version number
deny = [
    # Each entry is a crate name. Optionally with a version
]
# Certain crates/versions that will be skipped when doing duplicate detection
skip = [
    # { name = "ansi_term", version = "<= 0.11.0" }
]
# Similarly named crates that are allowed to coexist
skip-tree = [
    # { name = "windows", version = "<=0.46.0" }
]

[sources]
# Lint level for what to happen when a crate from a crate registry that is not in the allow list is detected
unknown-registry = "deny"
# Lint level for what to happen when a crate from a Git repository that is not in the allow list is detected
unknown-git = "deny"
# The allow list of crate registries
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# The allow list of Git repositories
allow-git = []