slint-mapping 0.1.0

Map framework for Slint — interactive map component with tile rendering, panning, zooming, and marker overlays.
Documentation
# cargo-deny configuration for slint-mapping.
#
# See `https://embarkstudios.github.io/cargo-deny/` for the full schema.
# The intent here is "conservative defaults a single-maintainer library
# can sustain without weekly churn" — not maximum strictness.

# ───── Advisories (RustSec database) ───────────────────────────────
[advisories]
version = 2
# Fail on any active CVE; warnings (informational / unmaintained) do
# not fail the build but show up in the report.
yanked = "warn"
ignore = [
    # `paste` is no longer maintained but no security vulnerability;
    # comes in transitively via image → ravif → rav1e → paste, deep
    # in the image-decoding chain. There's no safe upgrade and it's
    # not exploitable — just the author archiving the repo. Revisit
    # when the image crate replaces it (their issue tracker has the
    # transition discussion). Original advisory:
    # https://rustsec.org/advisories/RUSTSEC-2024-0436
    "RUSTSEC-2024-0436",
]

# ───── License policy ──────────────────────────────────────────────
[licenses]
version = 2
# Allow-list approach: anything not in this list is flagged. Covers
# the common permissive + weak-copyleft licences a Rust-ecosystem
# library typically pulls in. GPL / AGPL / SSPL deliberately omitted
# — if a dep brings one in we want to know.
allow = [
    "MIT",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-3.0",
    "Zlib",
    "CC0-1.0",
    "0BSD",
    # University of Illinois / NCSA Open Source License. Pulled in
    # transitively via image → rav1e → ravif → libfuzzer-sys. OSI-
    # approved permissive licence, similar in spirit to BSD-3-Clause.
    "NCSA",
    # Slint is triple-licensed: GPL-3.0-only OR one of these two
    # commercial-friendly options. We don't want the GPL clause to
    # apply, so allow the LicenseRef-* terms instead. Any crate that
    # ships with the Slint triple-license string satisfies cargo-deny
    # via the OR if at least one of these is on the allow list.
    "LicenseRef-Slint-Royalty-free-2.0",
    "LicenseRef-Slint-Software-3.0",
]
confidence-threshold = 0.8

# ───── Bans (duplicate versions / disallowed crates) ───────────────
[bans]
multiple-versions = "warn"
wildcards = "deny"
# Allow a few well-known cases of unavoidable duplicates that aren't
# worth refactoring around (e.g. when two upstream crates pin
# different majors of `windows-sys`).
skip = []
skip-tree = []

# ───── Source registries ───────────────────────────────────────────
[sources]
unknown-registry = "deny"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []