1 files changed, 38 insertions, 6 deletions

diff --git a/deny.toml b/deny.toml
index 994369f..df3a3c5 100644
--- a/deny.toml
+++ b/deny.toml
@@ -1,25 +1,49 @@
+[graph]
 targets = [
     { triple = "x86_64-unknown-linux-musl" },
     { triple = "x86_64-unknown-linux-gnu" },
+    { triple = "x86_64-apple-darwin" },
+    { triple = "aarch64-apple-darwin" },
 ]
 
 [advisories]
+version = 2
 yanked = "deny"
-unsound = "deny"
+ignore = [
+    # this is a timing attack against using the rsa crate for encryption, but
+    # we only use rsa decryption here
+    "RUSTSEC-2023-0071",
+]
 
 [bans]
+multiple-versions = "deny"
+wildcards = "deny"
 deny = [
     { name = "openssl-sys" },
 ]
 skip = [
-    # this is pulled in by rsa -> num-bigint-dig, but it's just a build dep so
-    # i don't care much
-    { name = "autocfg", version = "0.1.7" }
+    # the ecosystem is pretty split on these at the moment, should keep an
+    # eye on this to remove once more things have standardized on version 2
+    { name = "bitflags", version = "1.3.2" },
+    { name = "bitflags", version = "2.4.1" },
+
+    # see https://github.com/dignifiedquire/num-bigint/pull/58 and
+    # https://github.com/RustCrypto/RSA/issues/390 which should hopefully
+    # resolve this soon
+    { name = "spin", version = "0.5.2" },
+    { name = "spin", version = "0.9.8" },
 ]
 
 [licenses]
-allow = ["MIT", "BSD-3-Clause", "Apache-2.0", "ISC"]
-copyleft = "deny"
+version = 2
+allow = [
+    "MIT",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "Apache-2.0",
+    "ISC",
+    "Unicode-DFS-2016",
+]
 exceptions = [
     { name = "ring", allow = ["OpenSSL", "MIT", "ISC"] }
 ]
@@ -31,3 +55,11 @@ expression = "MIT AND ISC AND OpenSSL"
 license-files = [
     { path = "LICENSE", hash = 0xbd0eed23 }
 ]
+
+[[licenses.clarify]]
+name = "encoding_rs"
+version = "*"
+expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause"
+license-files = [
+    { path = "COPYRIGHT", hash = 0x39f8ad31 }
+]