egui/deny.toml

# https://embarkstudios.github.io/cargo-deny/

targets = [
    { triple = "aarch64-apple-darwin" },
    { triple = "aarch64-linux-android" },
    { triple = "wasm32-unknown-unknown" },
    { triple = "x86_64-apple-darwin" },
    { triple = "x86_64-pc-windows-msvc" },
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "x86_64-unknown-linux-musl" },
]

[advisories]
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
ignore = [
    "RUSTSEC-2020-0071", # https://rustsec.org/advisories/RUSTSEC-2020-0071 - chrono/time: Potential segfault in the time crate
    "RUSTSEC-2020-0159", # https://rustsec.org/advisories/RUSTSEC-2020-0159 - chrono/time: Potential segfault in localtime_r invocations
    "RUSTSEC-2021-0127", # https://rustsec.org/advisories/RUSTSEC-2021-0127 - https://github.com/bheisler/criterion.rs/issues/534
]

[bans]
multiple-versions = "deny"
wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
deny = [
    { name = "openssl" },     # prefer rustls
    { name = "openssl-sys" }, # prefer rustls
]

skip = [
    { name = "ahash" },      # old version via dark-light
    { name = "arrayvec" },   # old version via tiny-skiaz
    { name = "hashbrown" },  # old version via dark-light
    { name = "time" },       # old version pulled in by unmaintianed crate 'chrono'
    { name = "ttf-parser" }, # different versions pulled in by ab_glyph and usvg
]
skip-tree = [
    { name = "criterion" }, # dev-dependency
    { name = "glium" },     # legacy crate, lots of old dependencies
    { name = "rfd" },       # example dependency
    { name = "three-d" },   # example dependency
]


[licenses]
unlicensed = "deny"
allow-osi-fsf-free = "neither"
confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
copyleft = "deny"
allow = [
    "Apache-2.0",         # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
    "BSD-2-Clause",       # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
    "BSD-3-Clause",       # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
    "BSL-1.0",            # https://tldrlegal.com/license/boost-software-license-1.0-explained
    "CC0-1.0",            # https://creativecommons.org/publicdomain/zero/1.0/
    "ISC",                # https://tldrlegal.com/license/-isc-license
    "LicenseRef-UFL-1.0", # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321
    "MIT",                # https://tldrlegal.com/license/mit-license
    "MPL-2.0",            # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11
    "OFL-1.1",            # https://spdx.org/licenses/OFL-1.1.html
    "OpenSSL",            # https://www.openssl.org/source/license.html
    "Unicode-DFS-2016",   # https://spdx.org/licenses/Unicode-DFS-2016.html
    "Zlib",               # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
]

[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`# https://embarkstudios.github.io/cargo-deny/`

			`targets = [`
			`{ triple = "aarch64-apple-darwin" },`
			`{ triple = "aarch64-linux-android" },`
Cargo deny: also check wasm32-unknown-unknown 2 years ago			`{ triple = "wasm32-unknown-unknown" },`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`{ triple = "x86_64-apple-darwin" },`
			`{ triple = "x86_64-pc-windows-msvc" },`
			`{ triple = "x86_64-unknown-linux-gnu" },`
			`{ triple = "x86_64-unknown-linux-musl" },`
			`]`

			`[advisories]`
			`vulnerability = "deny"`
			`unmaintained = "warn"`
			`yanked = "deny"`
			`ignore = [`
			`"RUSTSEC-2020-0071", # https://rustsec.org/advisories/RUSTSEC-2020-0071 - chrono/time: Potential segfault in the time crate`
			`"RUSTSEC-2020-0159", # https://rustsec.org/advisories/RUSTSEC-2020-0159 - chrono/time: Potential segfault in localtime_r invocations`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`"RUSTSEC-2021-0127", # https://rustsec.org/advisories/RUSTSEC-2021-0127 - https://github.com/bheisler/criterion.rs/issues/534`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`]`

			`[bans]`
			`multiple-versions = "deny"`
			`wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed`
			`deny = [`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`{ name = "openssl" }, # prefer rustls`
			`{ name = "openssl-sys" }, # prefer rustls`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`]`

			`skip = [`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`{ name = "ahash" }, # old version via dark-light`
			`{ name = "arrayvec" }, # old version via tiny-skiaz`
			`{ name = "hashbrown" }, # old version via dark-light`
			`{ name = "time" }, # old version pulled in by unmaintianed crate 'chrono'`
Release 0.17.0 - Improved font selection and image handling 3 years ago			`{ name = "ttf-parser" }, # different versions pulled in by ab_glyph and usvg`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`]`
			`skip-tree = [`
epaint: cover default fonts in the license field (#2327) 2 years ago			`{ name = "criterion" }, # dev-dependency`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`{ name = "glium" }, # legacy crate, lots of old dependencies`
cargo update (#1794) * cargo update Updating crates.io index Updating anyhow v1.0.57 -> v1.0.58 Updating arboard v2.1.0 -> v2.1.1 Updating async-broadcast v0.3.4 -> v0.4.0 Updating async-io v1.6.0 -> v1.7.0 Updating async-trait v0.1.53 -> v0.1.56 Updating bindgen v0.59.2 -> v0.60.1 Updating bumpalo v3.9.1 -> v3.10.0 Updating bytemuck v1.9.1 -> v1.10.0 Updating cfg-expr v0.10.2 -> v0.10.3 Updating clang-sys v1.3.1 -> v1.3.3 Adding clap v3.2.8 Adding clap_lex v0.2.4 Updating crossbeam-channel v0.5.4 -> v0.5.5 Updating crossbeam-epoch v0.9.8 -> v0.9.9 Updating crossbeam-utils v0.8.8 -> v0.8.10 Updating dyn-clone v1.0.5 -> v1.0.6 Updating either v1.6.1 -> v1.7.0 Updating enum-map v2.1.0 -> v2.4.0 Updating enum-map-derive v0.8.0 -> v0.9.0 Updating flate2 v1.0.23 -> v1.0.24 Updating getrandom v0.2.6 -> v0.2.7 Updating gif v0.11.3 -> v0.11.4 Adding hashbrown v0.12.1 Updating indexmap v1.8.1 -> v1.9.1 Updating itoa v1.0.1 -> v1.0.2 Updating jpeg-decoder v0.2.4 -> v0.2.6 Updating linked-hash-map v0.5.4 -> v0.5.6 Updating log v0.4.16 -> v0.4.17 Updating memmap2 v0.5.3 -> v0.5.4 Updating miniz_oxide v0.5.1 -> v0.5.3 Updating mio v0.8.2 -> v0.8.4 Removing miow v0.3.7 Adding nix v0.24.1 Removing ntapi v0.3.7 Updating num-rational v0.4.0 -> v0.4.1 Updating num-traits v0.2.14 -> v0.2.15 Updating num_threads v0.1.5 -> v0.1.6 Updating object v0.28.3 -> v0.28.4 Updating once_cell v1.10.0 -> v1.12.0 Adding os_str_bytes v6.1.0 Updating parking_lot v0.12.0 -> v0.12.1 Updating parking_lot_core v0.9.1 -> v0.9.3 Updating proc-macro2 v1.0.37 -> v1.0.40 Updating profiling v1.0.5 -> v1.0.6 Updating puffin v0.13.1 -> v0.13.3 Updating quote v1.0.18 -> v1.0.20 Updating rayon v1.5.2 -> v1.5.3 Updating rayon-core v1.9.2 -> v1.9.3 Updating regex v1.5.5 -> v1.5.6 Updating regex-syntax v0.6.25 -> v0.6.26 Adding remove_dir_all v0.5.3 Updating rfd v0.8.0 -> v0.8.4 Updating rgb v0.8.32 -> v0.8.33 Updating ron v0.7.0 -> v0.7.1 Updating rustls v0.20.4 -> v0.20.6 Updating rustybuzz v0.5.0 -> v0.5.1 Updating ryu v1.0.9 -> v1.0.10 Updating semver v1.0.7 -> v1.0.12 Updating serde v1.0.136 -> v1.0.138 Updating serde_derive v1.0.136 -> v1.0.138 Updating serde_json v1.0.79 -> v1.0.82 Updating serde_repr v0.1.7 -> v0.1.8 Updating smallvec v1.8.0 -> v1.9.0 Adding smithay-client-toolkit v0.16.0 Updating smithay-clipboard v0.6.5 -> v0.6.6 Updating str-buf v1.0.5 -> v1.0.6 Removing strsim v0.8.0 Updating svgtypes v0.8.0 -> v0.8.1 Updating syn v1.0.92 -> v1.0.98 Adding tempfile v3.3.0 Adding textwrap v0.15.0 Updating thiserror v1.0.30 -> v1.0.31 Updating thiserror-impl v1.0.30 -> v1.0.31 Removing time v0.1.43 Removing time v0.3.9 Adding time v0.1.44 Adding time v0.3.11 Updating tiny-skia v0.6.3 -> v0.6.6 Updating tracing v0.1.34 -> v0.1.35 Updating tracing-attributes v0.1.21 -> v0.1.22 Updating tracing-core v0.1.26 -> v0.1.28 Updating tracing-subscriber v0.3.11 -> v0.3.14 Updating ttf-parser v0.15.0 -> v0.15.2 Updating tts v0.20.3 -> v0.20.4 Updating twox-hash v1.6.2 -> v1.6.3 Adding uds_windows v1.0.2 Adding unicode-ident v1.0.1 Updating unicode-normalization v0.1.19 -> v0.1.21 Removing vec_map v0.8.2 Updating wasi v0.10.2+wasi-snapshot-preview1 -> v0.10.0+wasi-snapshot-preview1 Updating wgpu v0.13.0 -> v0.13.1 Updating wgpu-core v0.13.0 -> v0.13.1 Updating wgpu-hal v0.13.0 -> v0.13.1 Removing windows v0.32.0 Adding windows v0.33.0 Adding windows v0.37.0 Updating windows-sys v0.32.0 -> v0.36.1 Removing windows_aarch64_msvc v0.32.0 Adding windows_aarch64_msvc v0.33.0 Adding windows_aarch64_msvc v0.36.1 Adding windows_aarch64_msvc v0.37.0 Removing windows_i686_gnu v0.32.0 Adding windows_i686_gnu v0.33.0 Adding windows_i686_gnu v0.36.1 Adding windows_i686_gnu v0.37.0 Removing windows_i686_msvc v0.32.0 Adding windows_i686_msvc v0.33.0 Adding windows_i686_msvc v0.36.1 Adding windows_i686_msvc v0.37.0 Removing windows_x86_64_gnu v0.32.0 Adding windows_x86_64_gnu v0.33.0 Adding windows_x86_64_gnu v0.36.1 Adding windows_x86_64_gnu v0.37.0 Removing windows_x86_64_msvc v0.32.0 Adding windows_x86_64_msvc v0.33.0 Adding windows_x86_64_msvc v0.36.1 Adding windows_x86_64_msvc v0.37.0 Updating zbus v2.1.1 -> v2.3.2 Updating zbus_macros v2.1.1 -> v2.3.2 Updating zstd v0.10.0+zstd.1.5.2 -> v0.11.2+zstd.1.5.2 Updating zstd-safe v4.1.4+zstd.1.5.2 -> v5.0.2+zstd.1.5.2 Updating zstd-sys v1.6.3+zstd.1.5.2 -> v2.0.1+zstd.1.5.2 Updating zvariant v3.1.2 -> v3.4.1 Updating zvariant_derive v3.1.2 -> v3.4.1 ❯ cargo update -p smithay-clipboard --precise 0.6.5 Updating crates.io index Removing nix v0.24.1 Removing smithay-client-toolkit v0.16.0 Updating smithay-clipboard v0.6.6 -> v0.6.5 * Downgrade enum-map so we can build with rust 1.60 * update syntect * Update usvg and resvg * Fix syntect update * Update tts to 0.22 * Make egui_demo_app compile for wasm with wgpu feature This broke in https://github.com/emilk/egui/pull/1781 * Ignore rfd tree in deny.toml * Revert "Update tts to 0.22" This reverts commit 2e1280b61ef9422c76491ab718ad8da105657097. * Explain why tts is stuck on an old version * Downgrade `rfd` to avoid problems with duplicate `windows` crate 2 years ago			`{ name = "rfd" }, # example dependency`
Update three d (#1793) * Update three-d to 0.12 * Fix Z fighting in three-d example Closes https://github.com/emilk/egui/issues/1744 * cargo deny: ignore three-d (only used in examples) 2 years ago			`{ name = "three-d" }, # example dependency`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`]`


			`[licenses]`
			`unlicensed = "deny"`
			`allow-osi-fsf-free = "neither"`
			`confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text`
			`copyleft = "deny"`
			`allow = [`
epaint: cover default fonts in the license field (#2327) 2 years ago			`"Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)`
			`"BSD-2-Clause", # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)`
			`"BSD-3-Clause", # https://tldrlegal.com/license/bsd-3-clause-license-(revised)`
			`"BSL-1.0", # https://tldrlegal.com/license/boost-software-license-1.0-explained`
			`"CC0-1.0", # https://creativecommons.org/publicdomain/zero/1.0/`
			`"ISC", # https://tldrlegal.com/license/-isc-license`
			`"LicenseRef-UFL-1.0", # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321`
			`"MIT", # https://tldrlegal.com/license/mit-license`
			`"MPL-2.0", # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11`
			`"OFL-1.1", # https://spdx.org/licenses/OFL-1.1.html`
			`"OpenSSL", # https://www.openssl.org/source/license.html`
			`"Unicode-DFS-2016", # https://spdx.org/licenses/Unicode-DFS-2016.html`
			`"Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib)`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago			`]`

			`[[licenses.clarify]]`
			`name = "webpki"`
			`expression = "ISC"`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]`
Run cargo deny in CI (#1205) * Run cargo deny in CI * Use patched fork of ureq to avoid copy-left license * Use patched fork of tts to avoid LGPL license More: * https://github.com/ndarilek/tts-rs/pull/21 * https://github.com/algesten/ureq/pull/479 3 years ago
			`[[licenses.clarify]]`
			`name = "ring"`
			`expression = "MIT AND ISC AND OpenSSL"`
Replace copypasta with arboard (#1475) * Replace copypasta with arboard Closes https://github.com/emilk/egui/issues/1474 * Clean up deny.toml 3 years ago			`license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]`