[licenses]
unlicensed = "deny"

# Deny licenses unless they are specifically listed here
copyleft = "deny"
allow-osi-fsf-free = "neither"
default = "deny"

# We want really high confidence when inferring licenses from text
confidence-threshold = 0.93

# Commented license types are allowed but not currently used
allow = [
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "BSL-1.0",
    # "CC0-1.0",
    "ISC",
    "MIT",
    "OpenSSL",
    "Unlicense",
    "Zlib",
]

exceptions = [
    { name = "webpki-roots", allow = ["MPL-2.0"], version = "*" },
    { name = "unicode-ident", version = "1.0.4", allow = ["MIT", "Apache-2.0", "Unicode-DFS-2016"] },
]

# https://github.com/hsivonen/encoding_rs The non-test code that isn't generated from the WHATWG data in this crate is
# under Apache-2.0 OR MIT. Test code is under CC0.
[[licenses.clarify]]
name = "encoding_rs"
version = "0.8.30"
expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause"
license-files = [
    { path = "COPYRIGHT", hash = 0x39f8ad31 }
]

[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 },
]

[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [
    { path = "LICENSE", hash = 0x001c7e6c },
]

[[licenses.clarify]]
name = "rustls-webpki"
expression = "ISC"
license-files = [
    { path = "LICENSE", hash = 0x001c7e6c },
]

[bans]
# Deny multiple versions or wildcard dependencies.
multiple-versions = "deny"
wildcards = "deny"

skip = [
    # num_cpus uses an old version of hermit-abi
    { name = "hermit-abi", version = "=0.2.6" },
    # tungstenite other crates use an old version of base64
    { name = "base64", version = "=0.13.1" },
    # governor uses an old version of wasi
    { name = "wasi", version = "=0.10.2" },
]

skip-tree = [
    # windows-sys is not a direct dependency. mio and schannel
    # are using different versions of windows-sys. we skip the
    # dependency tree because windows-sys has many sub-crates
    # that differ in major version.
    { name = "windows-sys", version = "=0.42.0" },

    # TestSys uses a newer version of base64 and serde_yaml
    { name = "testsys-model", version = "=0.0.8" },
    { name = "bottlerocket-types", version = "=0.0.8" },

    # generate-readme uses an old version of clap and other dependencies
    { name = "generate-readme", version = "0.1.0" }
]

[sources]
allow-git = [
    "https://github.com/bottlerocket-os/bottlerocket-test-system",
]
# Deny crates from unknown registries or git repositories.
unknown-registry = "deny"
unknown-git = "deny"