obsidian-export/deny.toml

80 lines
3.2 KiB
TOML
Raw Normal View History

[output]
# When outputting inclusion graphs in diagnostics that include features, this
# option can be used to specify the depth at which feature edges will be added.
# This option is included since the graphs can be quite large and the addition
# of features from the crate(s) to all of the graph roots can be far too verbose.
# This option can be overridden via `--feature-depth` on the cmd line
feature-depth = 1
[advisories]
# Opt-in to new config format - https://github.com/EmbarkStudios/cargo-deny/pull/611
version = 2
# The path where the advisory databases are cloned/fetched into
db-path = "$CARGO_HOME/advisory-dbs"
# The url(s) of the advisory databases to use
db-urls = ["https://github.com/rustsec/advisory-db"]
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = []
[licenses]
# Opt-in to new config format - https://github.com/EmbarkStudios/cargo-deny/pull/611
version = 2
# Licenses we accept, identified by their SPDX short identifier (+ optional
# exception) from https://spdx.org/licenses/
allow = [
"Apache-2.0",
"BSD-2-Clause",
"BSD-2-Clause-Patent",
"BSD-3-Clause",
"MIT",
"MPL-2.0",
]
unused-allowed-license = "allow"
exceptions = [
{ allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
]
# Default confidence is 0.8, let's require a higher confidence level for now.
# We can lower this later if it's too pedantic.
confidence-threshold = 0.95
[bans]
# Lint level for when multiple versions of the same crate are detected. Deny
# for now to make this super obvious, though we might wish to change this back
# to the default of warn if that gets too disruptive.
#
# Background reading about the use of this check is at:
# https://embarkstudios.github.io/cargo-deny/checks/bans/index.html#use-case---duplicate-version-detection
multiple-versions = "deny"
skip = [
# When encountering multiple versions of crates that we wish to tolerate,
# specify a `<=1.2.3` for the OLDEST version in use. That way, as soon as
# whichever dependency holding us back is updated, one of two things can
# happen:
#
# 1. The dependency is updated to a version that is compatible with the
# other dependencies, resolving the duplication. At this point a WARNING
# will be generated that the `<=1.2.3` version no longer matches anything.
# 2. The dependency is updated to a version that is still not compatible
# with the other dependencies, at which point the ban action will FAIL the
# result. We can then choose to again skip that version, or decide more
# drastic action is needed.
"syn:<=1.0.109",
# filetime depends on redox_syscall which depends on bitflags 1.x, whereas
# other dependencies in our tree depends on bitflags 2.x. This should solve
# itself when a new release is made for filetime, as redox_syscall is
# deprecated and already replaced by libredox anyway
# (https://github.com/alexcrichton/filetime/pull/103)
"bitflags:<=1.3.2",
]
wildcards = "deny"
allow-wildcard-paths = false
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []