1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/
[]
= true
# macroquad is used only by the examples in `examples/` and never
# ships in the published crate. Auditing dev-dependencies would
# block releases on advisories that cannot reach end users.
= true
[]
# Opt into cargo-deny v2 advisory semantics: every RUSTSEC category
# (vulnerability, unsound, unmaintained, notice) is treated as an
# error by default rather than relying on per-severity opt-ins.
= 2
= "~/.cargo/advisory-db"
= ["https://github.com/rustsec/advisory-db"]
# Treat yanked crates as a hard error — yanking from crates.io is the
# author signalling 'do not depend on this version'.
= "deny"
# Flag unmaintained advisories regardless of whether the affected
# crate is direct or transitive ('all' is the cargo-deny default but
# we set it explicitly so the policy is visible at a glance).
= "all"
# Specific advisory IDs to suppress would go here, e.g. RUSTSEC-2020-0071
# Each entry should carry a reason in a comment so the suppression is
# auditable.
= []
[]
# Permissive licenses actually encountered in the Rust dependency
# graph. Kept tight on purpose: cargo-deny warns on entries that
# match nothing, which is how we notice when a future dependency
# pulls in a license the project has not opted into. New licenses
# get added here when, and only when, a real dep brings them in.
#
# The vendored Clipper2 C++ source pulled in transitively via the
# clipper2c-sys crate is BSL-1.0 (Boost Software License 1.0) and is
# documented in that crate's repository — cargo-deny only sees Rust
# crates, not the vendored C++ tree.
= [
"MIT",
"Apache-2.0",
"Unicode-3.0",
]
= 0.93
= []
[]
= "warn"
= "warn"
= []
= []
= []
= []
[]
= "deny"
= "deny"
= ["https://github.com/rust-lang/crates.io-index"]
= []