# https://embarkstudios.github.io/cargo-deny/

# Note: running just `cargo deny check` without a `--target` can result in
# false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
targets = [
    { triple = "aarch64-apple-darwin" },
    { triple = "i686-pc-windows-gnu" },
    { triple = "i686-pc-windows-msvc" },
    { triple = "i686-unknown-linux-gnu" },
    { triple = "wasm32-unknown-unknown" },
    { triple = "x86_64-apple-darwin" },
    { triple = "x86_64-pc-windows-gnu" },
    { triple = "x86_64-pc-windows-msvc" },
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "x86_64-unknown-linux-musl" },
    { triple = "x86_64-unknown-redox" },
]

[advisories]
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
ignore = [
    "RUSTSEC-2020-0071", # https://rustsec.org/advisories/RUSTSEC-2020-0071 - chrono/time: Potential segfault in the time crate
    "RUSTSEC-2020-0159", # https://rustsec.org/advisories/RUSTSEC-2020-0159 - chrono/time: Potential segfault in localtime_r invocations
    "RUSTSEC-2021-0127", # https://rustsec.org/advisories/RUSTSEC-2021-0127 - https://github.com/bheisler/criterion.rs/issues/534
]

[bans]
multiple-versions = "deny"
wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
deny = [
    { name = "cmake" },       # Lord no
    { name = "openssl-sys" }, # prefer rustls
    { name = "openssl" },     # prefer rustls
]

skip = [
    { name = "arrayvec" },            # old version via tiny-skiaz
    { name = "nix" },                 # old version via winit
    { name = "redox_syscall" },       # old version via winit
    { name = "time" },                # old version pulled in by unmaintianed crate 'chrono'
    { name = "tiny-skia" },           # winit uses a different version from egui_extras (TODO(emilk): update egui_extras!)
    { name = "ttf-parser" },          # different versions pulled in by ab_glyph and usvg
    { name = "wayland-sys" },         # old version via winit
    { name = "windows_x86_64_msvc" }, # old version via glutin
    { name = "windows-sys" },         # old version via glutin
    { name = "windows" },             # old version via accesskit
]
skip-tree = [
    { name = "criterion" },     # dev-dependency
    { name = "darling" },       # old version via tts
    { name = "foreign-types" }, # old version from wgpu
    { name = "rfd" },           # example dependency
]


[licenses]
unlicensed = "deny"
allow-osi-fsf-free = "neither"
confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
copyleft = "deny"
allow = [
    "Apache-2.0",         # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
    "BSD-2-Clause",       # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
    "BSD-3-Clause",       # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
    "BSL-1.0",            # https://tldrlegal.com/license/boost-software-license-1.0-explained
    "CC0-1.0",            # https://creativecommons.org/publicdomain/zero/1.0/
    "ISC",                # https://tldrlegal.com/license/-isc-license
    "LicenseRef-UFL-1.0", # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321
    "MIT",                # https://tldrlegal.com/license/mit-license
    "MPL-2.0",            # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11
    "OFL-1.1",            # https://spdx.org/licenses/OFL-1.1.html
    "OpenSSL",            # https://www.openssl.org/source/license.html
    "Unicode-DFS-2016",   # https://spdx.org/licenses/Unicode-DFS-2016.html
    "Zlib",               # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
]

[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]