[]
= [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"Unicode-3.0",
"OpenSSL",
"Zlib",
# webpki-roots ships Mozilla's CA data under CDLA-Permissive-2.0.
"CDLA-Permissive-2.0",
]
[]
= "deny"
= [
# time 0.3.45 stack-exhaustion DoS when parsing adversarial input. The fix
# (time >= 0.3.47) pulls time-core/time-macros that require Rust 1.88 —
# above our MSRV of 1.85. This crate only parses fixed formats (RFC 3339,
# YYYY-MM-DD) from Linear API responses, not attacker-controlled recursive
# input. Revisit (drop this ignore + `cargo update -p time`) on the next
# MSRV bump.
"RUSTSEC-2026-0009",
]
[]
= "allow"
[]
= "deny"
= "deny"