99# The values provided in this template are the default values that will be used
1010# when any section or field is not specified in your own configuration
1111
12+ # Root options
13+
14+ # The graph table configures how the dependency graph is constructed and thus
15+ # which crates the checks are performed against
16+ [graph ]
1217# If 1 or more target triples (and optionally, target_features) are specified,
1318# only the specified targets will be checked when running `cargo deny check`.
1419# This means, if a particular package is only ever used as a target specific
2025targets = [
2126 # The triple can be any string, but only the target triples built in to
2227 # rustc (as of 1.40) can be checked against actual config expressions
23- # { triple = "x86_64-unknown-linux-musl" } ,
28+ # "x86_64-unknown-linux-musl",
2429 # You can also specify which target_features you promise are enabled for a
2530 # particular target. target_features are currently not validated against
2631 # the actual valid features supported by the target architecture.
2732 # { triple = "wasm32-unknown-unknown", features = ["atomics"] },
2833]
34+ # When creating the dependency graph used as the source of truth when checks are
35+ # executed, this field can be used to prune crates from the graph, removing them
36+ # from the view of cargo-deny. This is an extremely heavy hammer, as if a crate
37+ # is pruned from the graph, all of its dependencies will also be pruned unless
38+ # they are connected to another crate in the graph that hasn't been pruned,
39+ # so it should be used with care. The identifiers are [Package ID Specifications]
40+ # (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html)
41+ # exclude = []
42+ # If true, metadata will be collected with `--all-features`. Note that this can't
43+ # be toggled off if true, if you want to conditionally enable `--all-features` it
44+ # is recommended to pass `--all-features` on the cmd line instead
45+ all-features = false
46+ # If true, metadata will be collected with `--no-default-features`. The same
47+ # caveat with `all-features` applies
48+ no-default-features = false
49+ # If set, these feature will be enabled when collecting metadata. If `--features`
50+ # is specified on the cmd line they will take precedence over this option.
51+ # features = []
52+
53+ # The output table provides options for how/if diagnostics are outputted
54+ [output ]
55+ # When outputting inclusion graphs in diagnostics that include features, this
56+ # option can be used to specify the depth at which feature edges will be added.
57+ # This option is included since the graphs can be quite large and the addition
58+ # of features from the crate(s) to all of the graph roots can be far too verbose.
59+ # This option can be overridden via `--feature-depth` on the cmd line
60+ feature-depth = 1
2961
3062# This section is considered when running `cargo deny check advisories`
3163# More documentation for the advisories section can be found here:
3264# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
3365[advisories ]
34- # The path where the advisory database is cloned/fetched into
35- db-path = " ~/.cargo/ advisory-db "
66+ # The path where the advisory databases are cloned/fetched into
67+ # db-path = "$CARGO_HOME/ advisory-dbs "
3668# The url(s) of the advisory databases to use
37- db-urls = [" https://github.com/rustsec/advisory-db" ]
38- # The lint level for security vulnerabilities
39- vulnerability = " deny"
40- # The lint level for unmaintained crates
41- unmaintained = " warn"
42- # The lint level for crates that have been yanked from their source registry
43- yanked = " warn"
44- # The lint level for crates with security notices. Note that as of
45- # 2019-12-17 there are no security notice advisories in
46- # https://github.com/rustsec/advisory-db
47- notice = " warn"
69+ # db-urls = ["https://github.com/rustsec/advisory-db"]
4870# A list of advisory IDs to ignore. Note that ignored advisories will still
4971# output a note when they are encountered.
5072ignore = [
5173 # "RUSTSEC-0000-0000",
74+ # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
75+ # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
76+ # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
5277]
53- # Threshold for security vulnerabilities, any vulnerability with a CVSS score
54- # lower than the range specified will be ignored. Note that ignored advisories
55- # will still output a note when they are encountered.
56- # * None - CVSS Score 0.0
57- # * Low - CVSS Score 0.1 - 3.9
58- # * Medium - CVSS Score 4.0 - 6.9
59- # * High - CVSS Score 7.0 - 8.9
60- # * Critical - CVSS Score 9.0 - 10.0
61- # severity-threshold =
78+ # If this is true, then cargo deny will use the git executable to fetch advisory database.
79+ # If this is false, then it uses a built-in git library.
80+ # Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
81+ # See Git Authentication for more information about setting up git authentication.
82+ # git-fetch-with-cli = true
6283
6384# This section is considered when running `cargo deny check licenses`
6485# More documentation for the licenses section can be found here:
6586# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
6687[licenses ]
67- # The lint level for crates which do not have a detectable license
68- unlicensed = " deny"
69- # List of explictly allowed licenses
88+ # List of explicitly allowed licenses
7089# See https://spdx.org/licenses/ for list of possible licenses
7190# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
7291allow = [
@@ -75,26 +94,6 @@ allow = [
7594 " Unicode-DFS-2016" ,
7695 # "Apache-2.0 WITH LLVM-exception",
7796]
78- # List of explictly disallowed licenses
79- # See https://spdx.org/licenses/ for list of possible licenses
80- # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
81- deny = [
82- # "Nokia",
83- ]
84- # Lint level for licenses considered copyleft
85- copyleft = " warn"
86- # Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
87- # * both - The license will be approved if it is both OSI-approved *AND* FSF
88- # * either - The license will be approved if it is either OSI-approved *OR* FSF
89- # * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
90- # * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
91- # * neither - This predicate is ignored and the default lint level is used
92- allow-osi-fsf-free = " neither"
93- # Lint level used when no other predicates are matched
94- # 1. License isn't in the allow or deny lists
95- # 2. License isn't copyleft
96- # 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
97- default = " deny"
9897# The confidence threshold for detecting a license from license text.
9998# The higher the value, the more closely the license text must be to the
10099# canonical license text of a valid SPDX license file.
@@ -105,17 +104,15 @@ confidence-threshold = 0.8
105104exceptions = [
106105 # Each entry is the crate and version constraint, and its specific allow
107106 # list
108- # { allow = ["Zlib"], name = "adler32", version = "* " },
107+ # { allow = ["Zlib"], crate = "adler32" },
109108]
110109
111110# Some crates don't have (easily) machine readable licensing information,
112111# adding a clarification entry for it allows you to manually specify the
113112# licensing information
114113# [[licenses.clarify]]
115- # The name of the crate the clarification applies to
116- # name = "ring"
117- # The optional version constraint for the crate
118- # version = "*"
114+ # The package spec the clarification applies to
115+ # crate = "ring"
119116# The SPDX expression for the license requirements of the crate
120117# expression = "MIT AND ISC AND OpenSSL"
121118# One or more files in the crate's source used as the "source of truth" for
@@ -124,13 +121,15 @@ exceptions = [
124121# and the crate will be checked normally, which may produce warnings or errors
125122# depending on the rest of your configuration
126123# license-files = [
127- # Each entry is a crate relative path, and the (opaque) hash of its contents
128- # { path = "LICENSE", hash = 0xbd0eed23 }
124+ # Each entry is a crate relative path, and the (opaque) hash of its contents
125+ # { path = "LICENSE", hash = 0xbd0eed23 }
129126# ]
130127
131128[licenses .private ]
132129# If true, ignores workspace crates that aren't published, or are only
133- # published to private registries
130+ # published to private registries.
131+ # To see how to mark a crate as unpublished (to the official registry),
132+ # visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
134133ignore = false
135134# One or more private registries that you might publish crates to, if a crate
136135# is only published to private registries, and ignore is true, the crate will
@@ -153,30 +152,63 @@ wildcards = "allow"
153152# * simplest-path - The path to the version with the fewest edges is highlighted
154153# * all - Both lowest-version and simplest-path are used
155154highlight = " all"
155+ # The default lint level for `default` features for crates that are members of
156+ # the workspace that is being checked. This can be overridden by allowing/denying
157+ # `default` on a crate-by-crate basis if desired.
158+ workspace-default-features = " allow"
159+ # The default lint level for `default` features for external crates that are not
160+ # members of the workspace. This can be overridden by allowing/denying `default`
161+ # on a crate-by-crate basis if desired.
162+ external-default-features = " allow"
156163# List of crates that are allowed. Use with care!
157164allow = [
158- # { name = "ansi_term", version = "=0.11.0" },
165+ # "ansi_term@0.11.0",
166+ # { crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
159167]
160168# List of crates to deny
161169deny = [
162- # Each entry the name of a crate and a version range. If version is
163- # not specified, all versions will be matched.
164- # { name = "ansi_term", version = "=0.11.0" },
165- #
170+ # "ansi_term@0.11.0",
171+ # { crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
166172 # Wrapper crates can optionally be specified to allow the crate when it
167173 # is a direct dependency of the otherwise banned crate
168- # { name = "ansi_term", version = "= 0.11.0", wrappers = [] },
174+ # { crate = "ansi_term@ 0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term" ] },
169175]
176+
177+ # List of features to allow/deny
178+ # Each entry the name of a crate and a version range. If version is
179+ # not specified, all versions will be matched.
180+ # [[bans.features]]
181+ # crate = "reqwest"
182+ # Features to not allow
183+ # deny = ["json"]
184+ # Features to allow
185+ # allow = [
186+ # "rustls",
187+ # "__rustls",
188+ # "__tls",
189+ # "hyper-rustls",
190+ # "rustls",
191+ # "rustls-pemfile",
192+ # "rustls-tls-webpki-roots",
193+ # "tokio-rustls",
194+ # "webpki-roots",
195+ # ]
196+ # If true, the allowed features must exactly match the enabled feature set. If
197+ # this is set there is no point setting `deny`
198+ # exact = true
199+
170200# Certain crates/versions that will be skipped when doing duplicate detection.
171201skip = [
172- # { name = "ansi_term", version = "=0.11.0" },
202+ # "ansi_term@0.11.0",
203+ # { crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
173204]
174- # Similarly to `skip` allows you to skip certain crates during duplicate
175- # detection. Unlike skip, it also includes the entire tree of transitive
205+ # Similarly to `skip` allows you to skip certain crates during duplicate
206+ # detection. Unlike skip, it also includes the entire tree of transitive
176207# dependencies starting at the specified crate, up to a certain depth, which is
177- # by default infinite
208+ # by default infinite.
178209skip-tree = [
179- # { name = "ansi_term", version = "=0.11.0", depth = 20 },
210+ # "ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
211+ # { crate = "ansi_term@0.11.0", depth = 20 },
180212]
181213
182214# This section is considered when running `cargo deny check sources`.
@@ -194,3 +226,11 @@ unknown-git = "warn"
194226allow-registry = [" https://github.com/rust-lang/crates.io-index" ]
195227# List of URLs for allowed Git repositories
196228allow-git = []
229+
230+ [sources .allow-org ]
231+ # github.com organizations to allow git sources for
232+ github = []
233+ # gitlab.com organizations to allow git sources for
234+ gitlab = []
235+ # bitbucket.org organizations to allow git sources for
236+ bitbucket = []
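Review bot: The `[advisories]` table no longer states which findings fail the check, because `vulnerability = "deny"`, `unmaintained`, `yanked`, `notice` and the `severity-threshold` comment are removed with nothing in their place; `[licenses]` likewise loses `unlicensed = "deny"` and `default = "deny"`. Enforcement now presumably rests on the built-in defaults of whichever cargo-deny version reads this file, so it is worth confirming that the version run in CI is pinned and that an older release would not accept this file with weaker levels. I would add a comment under `[advisories]` such as `# Lint levels are not set here; failures follow the defaults of the pinned cargo-deny version`. In the `ignore` list, real entries are better written in the new `{ id = "...", reason = "..." }` form than as a bare ID, so every suppressed advisory carries a justification that can be reviewed later.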