deny.toml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

[advisories]
vulnerability = "deny"
unmaintained = "warn"
notice = "warn"
ignore = []

[licenses]
unlicensed = "warn"
allow = []
deny = []
copyleft = "warn"
allow-osi-fsf-free = "either"
confidence-threshold = 0.8

[bans]
multiple-versions = "deny"
highlight = "all"
skip-tree = [
    # currently duplicated through header, reqwest, tower-http and cookie
    # C.f. https://github.com/tokio-rs/axum/pull/1641
    { name = "base64" },
    # parking_lot pulls in old versions of windows-sys
    { name = "windows-sys" },
    # old version pulled in by rustls via ring
    { name = "spin" },
    # lots still pulls in syn 1.x
    { name = "syn" },
    # until 1.0 is out we're pulling in both 0.14 and 1.0-rc.x
    { name = "hyper" },
    # pulled in by tracing-subscriber
    { name = "regex-syntax" },
    # pulled in by tracing-subscriber
    { name = "regex-automata" },
    # pulled in by hyper
    { name = "socket2" },
    # hyper-util hasn't upgraded to 0.5 yet, but it's the same service / layer
    # crates beneath
    { name = "tower" },
    # tower hasn't upgraded to 1.0 yet
    { name = "sync_wrapper" },
]

[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-git = []