chatmail-core/deny.toml

[advisories]
ignore = [
    "RUSTSEC-2020-0071",

    # Timing attack on RSA.
    # Delta Chat does not use RSA for new keys
    # and this requires precise measurement of the decryption time by the attacker.
    # There is no fix at the time of writing this (2023-11-28).
    # <https://rustsec.org/advisories/RUSTSEC-2023-0071>
    "RUSTSEC-2023-0071",

    # Unmaintained encoding
    "RUSTSEC-2021-0153",

    # Unmaintained proc-macro-error
    # <https://rustsec.org/advisories/RUSTSEC-2024-0370>
    "RUSTSEC-2024-0370",

    # Unmaintained instant
    "RUSTSEC-2024-0384",
]

[bans]
# Accept some duplicate versions, ideally we work towards this list
# becoming empty.  Adding versions forces us to revisit this at least
# when upgrading.
# Please keep this list alphabetically sorted.
skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "base64", version = "<0.21" },
     { name = "base64", version = "0.21.7" },
     { name = "bitflags", version = "1.3.2" },
     { name = "event-listener", version = "2.5.3" },
     { name = "event-listener", version = "4.0.3" },
     { name = "fastrand", version = "1.9.0" },
     { name = "fiat-crypto", version = "0.1.20" },
     { name = "futures-lite", version = "1.13.0" },
     { name = "getrandom", version = "<0.2" },
     { name = "http", version = "0.2.12" },
     { name = "nix", version = "0.26.4" },
     { name = "num_enum_derive", version = "0.5.11" },
     { name = "num_enum", version = "0.5.11" },
     { name = "proc-macro-crate", version = "1.3.1" },
     { name = "quick-error", version = "<2.0" },
     { name = "rand_chacha", version = "<0.3" },
     { name = "rand_core", version = "<0.6" },
     { name = "rand", version = "<0.8" },
     { name = "redox_syscall", version = "0.3.5" },
     { name = "regex-automata", version = "0.1.10" },
     { name = "regex-syntax", version = "0.6.29" },
     { name = "sync_wrapper", version = "0.1.2" },
     { name = "syn", version = "1.0.109" },
     { name = "time", version = "<0.3" },
     { name = "toml_edit", version = "0.19.15" },
     { name = "wasi", version = "<0.11" },
     { name = "windows_aarch64_gnullvm", version = "<0.52" },
     { name = "windows_aarch64_msvc", version = "<0.52" },
     { name = "windows-core", version = "<0.54.0" },
     { name = "windows_i686_gnu", version = "<0.52" },
     { name = "windows_i686_msvc", version = "<0.52" },
     { name = "windows-sys", version = "<0.59" },
     { name = "windows-targets", version = "<0.52" },
     { name = "windows", version = "<0.54.0" },
     { name = "windows_x86_64_gnullvm", version = "<0.52" },
     { name = "windows_x86_64_gnu", version = "<0.52" },
     { name = "windows_x86_64_msvc", version = "<0.52" },
     { name = "winnow", version = "0.5.40" },
     { name = "winreg", version = "0.50.0" },
]


[licenses]
allow = [
    "0BSD",
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "BSL-1.0", # Boost Software License 1.0
    "CC0-1.0",
    "ISC",
    "MIT",
    "MPL-2.0",
    "OpenSSL",
    "Unicode-DFS-2016",
    "Zlib",
]

[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
      { path = "LICENSE", hash = 0xbd0eed23 },
]

[sources.allow-org]
# Organisations which we allow git sources from.
github = [
       "async-email",
       "deltachat",
]