[licenses] unlicensed = "deny" # Deny licenses unless they are specifically listed here copyleft = "deny" allow-osi-fsf-free = "neither" default = "deny" # We want really high confidence when inferring licenses from text confidence-threshold = 0.93 allow = [ "Apache-2.0", #"BSD-2-Clause", # OK but currently unused; commenting to prevent warning "BSD-3-Clause", "BSL-1.0", #"CC0-1.0", # OK but currently unused; commenting to prevent warning "ISC", "MIT", "OpenSSL", "Unlicense", "Zlib" ] exceptions = [ # Explicitly allows MPL-2 being pulled in through reqwest's and actix's rustls dependency chain (which uses webpki) { name = "webpki-roots", allow = ["MPL-2.0"], version = "*" }, { name = "unicode-ident", version = "1.0.2", allow = ["MIT", "Apache-2.0", "Unicode-DFS-2016"] }, ] [bans] # Deny multiple versions or wildcard dependencies. multiple-versions = "deny" wildcards = "deny" skip-tree = [ # actix-http uses older and newer versions of crates like rustc_version and # semver, for build vs. runtime dependencies. { name = "actix-http", version = "3.0.0-beta.10" }, # clap uses an older version of strsim, which clashed with the one used by darling_core. { name = "clap", version = "2.34.0" }, # structopt-derive uses an older version of heck, which clashed with the one used by strum_macros. { name = "structopt-derive", version = "0.4.18"}, # aws-smithy-client brings in several lagging dependencies that can be ignored # since it is only used in the integration tests { name = "integ" } ] [sources] # Deny crates from unknown registries or git repositories. unknown-registry = "deny" unknown-git = "deny" [[licenses.clarify]] name = "ring" expression = "MIT AND ISC AND OpenSSL" license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ] [[licenses.clarify]] name = "webpki" expression = "ISC" license-files = [ { path = "LICENSE", hash = 0x001c7e6c } ] [[licenses.clarify]] name = "rustls-webpki" expression = "ISC" license-files = [ { path = "LICENSE", hash = 0x001c7e6c }, ]