Files
yvgude--lean-ctx/rust/deny.toml
T
wehub-resource-sync 26382a7ac6
CI / Clippy (push) Failing after 15m13s
CI / Test (ubuntu-latest) (push) Failing after 16m1s
CI / Test (macos-latest) (push) Has been cancelled
CI / Test (windows-latest) (push) Has been cancelled
CI / Build (no embeddings / no ORT) (push) Has been cancelled
CI / Format (push) Has been cancelled
CI / Cookbook (Node) (push) Has been cancelled
CI / Pi Extension (Node) (push) Has been cancelled
CI / Rust SDK (lean-ctx-client) (push) Has been cancelled
CI / Embed SDK (lean-ctx-sdk) (push) Has been cancelled
CI / Python SDK (leanctx) (push) Has been cancelled
CI / Hermes Plugin (Python) (push) Has been cancelled
CI / SDK Conformance Matrix (push) Has been cancelled
CI / Coverage (push) Has been cancelled
CI / cargo-deny (push) Has been cancelled
CI / Adversarial Safety (push) Has been cancelled
CI / Benchmarks (push) Has been cancelled
CI / Output-Quality Gate (eval A/B) (push) Has been cancelled
CI / Documentation (push) Has been cancelled
CI / CI Green (push) Has been cancelled
JetBrains Plugin / Actionlint (push) Has been cancelled
CodeQL / Analyze (actions) (push) Has been cancelled
CodeQL / Analyze (javascript-typescript) (push) Has been cancelled
CodeQL / Analyze (rust) (push) Has been cancelled
JetBrains Plugin / Validation (push) Has been cancelled
JetBrains Plugin / Build (push) Has been cancelled
JetBrains Plugin / Test (push) Has been cancelled
Security Check / Security Scan (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:35:30 +08:00

56 lines
1.4 KiB
TOML

[graph]
targets = []
all-features = true
[advisories]
# cargo-deny >= 0.19 removed `vulnerability` and `notice` config knobs:
# all vulnerability/notice advisories now emit errors unless explicitly ignored.
# `unmaintained`/`unsound` now control which dependencies can fail the check.
unmaintained = "workspace"
yanked = "warn"
unused-ignored-advisory = "warn"
ignore = []
[licenses]
# The allow-list below is a deliberately curated, forward-looking policy. Some
# entries (e.g. OpenSSL for `ring`, Unicode-DFS-2016) are kept so dependency
# bumps don't trip the check; `allow` silences the pedantic "not encountered"
# notice for those without weakening the policy itself.
unused-allowed-license = "allow"
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"0BSD",
"ISC",
"Unicode-3.0",
"Unicode-DFS-2016",
"Zlib",
"Unlicense",
"MPL-2.0",
"BSL-1.0",
"CC0-1.0",
"CDLA-Permissive-2.0",
"OpenSSL",
"bzip2-1.0.6",
"WTFPL",
]
confidence-threshold = 0.8
[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
[bans]
multiple-versions = "warn"
wildcards = "allow"
[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []