tame-oauth 0.3.0

[bans]
multiple-versions = "deny"
deny = [
    { name = "openssl" },
    { name = "openssl-sys" },
]
skip = [
    # reqwest <= 0.19.21 doesn't feature gate cookies, which ends up
    # bringing in a metric fuckton of duplicates
    { name = "idna", version = "=0.1.5" },
    { name = "quote", version = "=0.6.13" },
    { name = "percent-encoding", version = "=1.0.1" },
    { name = "proc-macro2", version = "=0.4.30" },
    { name = "serde_urlencoded", version = "=0.5.5" },
    { name = "syn", version = "=0.15.44" },
    { name = "synstructure", version = "=0.10.2" },
    { name = "unicode-xid", version = "=0.1.0" },
    { name = "url", version = "=1.7.2" },

    # too many things still use ancient (slow to compile!) versions of winapi
    { name = "winapi", version = "=0.2.8" },

    # rand crate gonna rand crate
    { name = "rand_core", version = "=0.3.1" },
]

[licenses]
unlicensed = "deny"
# We want really high confidence when inferring licenses from text
confidence-threshold = 0.92
allow = [
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "MIT",
    "MPL-2.0",
    "OpenSSL",
    "Zlib",
]

[[licenses.clarify]]
name = "ring"
# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
# https://spdx.org/licenses/OpenSSL.html
# ISC - Both BoringSSL and ring use this for their new files
# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
# license, for third_party/fiat, which, unlike other third_party directories, is
# compiled into non-test libraries, is included below."
# OpenSSL - Obviously
expression = "ISC AND MIT AND OpenSSL"
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 },
]

[[licenses.clarify]]
name = "webpki"
expression = "ISC"
license-files = [
    { path = "LICENSE", hash = 0x001c7e6c },
]