1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/
#
# Three independent gates:
# advisories - blocks dependencies with known security advisories or yanked
# versions (complements `cargo audit`, but checked against the
# entire graph including transitive git deps).
# licenses - restricts the set of acceptable SPDX license expressions.
# bans - policy on duplicate versions, wildcard requirements, and
# unknown registries/git sources.
[]
= true
[]
= 2
= "deny"
= [
# paste 1.0.15 is unmaintained (upstream archived). Pulled in transitively
# via nalgebra -> simba -> paste; no safe upgrade path exists until nalgebra
# switches to a maintained fork (e.g. `pastey`). This is a maintenance risk,
# not an exploit, and `paste` is a proc-macro used only at compile time — it
# does not ship in the final binary. Revisit on every nalgebra upgrade.
"RUSTSEC-2024-0436",
]
[]
= 2
= 0.8
= [
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"CC0-1.0",
"ISC",
"MIT",
"MPL-2.0",
"Unicode-3.0",
"Unlicense",
"Zlib",
]
[]
= "warn"
= "deny"
= "all"
[]
= "deny"
= "deny"
= ["https://github.com/rust-lang/crates.io-index"]