diff options
Diffstat (limited to 'deny.toml')
-rw-r--r-- | deny.toml | 44 |
1 files changed, 38 insertions, 6 deletions
@@ -1,25 +1,49 @@ +[graph] targets = [ { triple = "x86_64-unknown-linux-musl" }, { triple = "x86_64-unknown-linux-gnu" }, + { triple = "x86_64-apple-darwin" }, + { triple = "aarch64-apple-darwin" }, ] [advisories] +version = 2 yanked = "deny" -unsound = "deny" +ignore = [ + # this is a timing attack against using the rsa crate for encryption, but + # we only use rsa decryption here + "RUSTSEC-2023-0071", +] [bans] +multiple-versions = "deny" +wildcards = "deny" deny = [ { name = "openssl-sys" }, ] skip = [ - # this is pulled in by rsa -> num-bigint-dig, but it's just a build dep so - # i don't care much - { name = "autocfg", version = "0.1.7" } + # the ecosystem is pretty split on these at the moment, should keep an + # eye on this to remove once more things have standardized on version 2 + { name = "bitflags", version = "1.3.2" }, + { name = "bitflags", version = "2.4.1" }, + + # see https://github.com/dignifiedquire/num-bigint/pull/58 and + # https://github.com/RustCrypto/RSA/issues/390 which should hopefully + # resolve this soon + { name = "spin", version = "0.5.2" }, + { name = "spin", version = "0.9.8" }, ] [licenses] -allow = ["MIT", "BSD-3-Clause", "Apache-2.0", "ISC"] -copyleft = "deny" +version = 2 +allow = [ + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "Unicode-DFS-2016", +] exceptions = [ { name = "ring", allow = ["OpenSSL", "MIT", "ISC"] } ] @@ -31,3 +55,11 @@ expression = "MIT AND ISC AND OpenSSL" license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ] + +[[licenses.clarify]] +name = "encoding_rs" +version = "*" +expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause" +license-files = [ + { path = "COPYRIGHT", hash = 0x39f8ad31 } +] |