bevy/deny.toml
François 71329fe0c2
make CI less failing on cargo deny bans (#10151)
# Objective

- Job cargo deny for bans is failing too often to be useful
- Having only one version of all dependencies is not realistic

## Solution

- Only warn on multiple dependencies of a crate
- Deny some specific crates that we know shouldn't be present multiple
time
2023-10-16 23:12:13 +00:00

45 lines
1,005 B
TOML

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "deny"
yanked = "deny"
notice = "deny"
ignore = [
]
[licenses]
unlicensed = "deny"
copyleft = "deny"
allow = [
"MIT",
"MIT-0",
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"Zlib",
"0BSD",
"BSD-2-Clause",
"CC0-1.0",
]
exceptions = [
{ name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
]
default = "deny"
[bans]
multiple-versions = "warn"
wildcards = "deny"
# Certain crates that we don't want multiple versions of in the dependency tree
deny = [
{ name = "ahash", deny-multiple-versions = true },
{ name = "android-activity", deny-multiple-versions = true },
{ name = "glam", deny-multiple-versions = true },
{ name = "raw-window-handle", deny-multiple-versions = true },
]
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []