chore: Adopt '_rust/main' template

.clippy.toml

@@ -1 +1,13 @@
-msrv = "1.64.0"  # MSRV
+msrv = "1.65.0"  # MSRV
+warn-on-all-wildcard-imports = true
+allow-expect-in-tests = true
+allow-unwrap-in-tests = true
+allow-dbg-in-tests = true
+disallowed-methods = [
+    { path = "std::option::Option::map_or", reason = "prefer `map(..).unwrap_or(..)` for legibility" },
+    { path = "std::option::Option::map_or_else", reason = "prefer `map(..).unwrap_or_else(..)` for legibility" },
+    { path = "std::result::Result::map_or", reason = "prefer `map(..).unwrap_or(..)` for legibility" },
+    { path = "std::result::Result::map_or_else", reason = "prefer `map(..).unwrap_or_else(..)` for legibility" },
+    { path = "std::iter::Iterator::for_each", reason = "prefer `for` for side-effects" },
+    { path = "std::iter::Iterator::try_for_each", reason = "prefer `for` for side-effects" },
+]

.github/renovate.json5

@@ -1,26 +1,65 @@
 {
-  "schedule": [
+  schedule: [
-    "before 3am on the first day of the month"
+    'before 5am on the first day of the month',
   ],
-  "semanticCommits": "enabled",
+  semanticCommits: 'enabled',
-  "configMigration": true,
+  configMigration: true,
-  "packageRules": [
+  dependencyDashboard: true,
+  regexManagers: [
+    {
+      fileMatch: [
+        '^rust-toolchain\\.toml$',
+        'Cargo.toml$',
+        'clippy.toml$',
+        '\\.clippy.toml$',
+        '^\\.github/workflows/ci.yml$',
+        '^\\.github/workflows/rust-next.yml$',
+      ],
+      matchStrings: [
+        'MSRV.*?(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)',
+        '(?<currentValue>\\d+\\.\\d+(\\.\\d+)?).*?MSRV',
+      ],
+      depNameTemplate: 'rust',
+      packageNameTemplate: 'rust-lang/rust',
+      datasourceTemplate: 'github-releases',
+    },
+  ],
+  packageRules: [
+    {
+      commitMessageTopic: 'MSRV',
+      matchManagers: [
+        'regex',
+      ],
+      matchPackageNames: [
+        'rust',
+      ],
+      minimumReleaseAge: "126 days",  // 3 releases * 6 weeks per release * 7 days per week
+      internalChecksFilter: "strict",
+    },
     // Goals:
     // - Rollup safe upgrades to reduce CI runner load
     // - Have lockfile and manifest in-sync
     {
-      "matchManagers": ["cargo"],
+      matchManagers: [
-      "matchCurrentVersion": ">=0.1.0",
+        'cargo',
-      "matchUpdateTypes": ["patch"],
+      ],
-      "automerge": true,
+      matchCurrentVersion: '>=0.1.0',
-      "groupName": "compatible",
+      matchUpdateTypes: [
+        'patch',
+      ],
+      automerge: true,
+      groupName: 'compatible',
     },
     {
-      "matchManagers": ["cargo"],
+      matchManagers: [
-      "matchCurrentVersion": ">=1.0.0",
+        'cargo',
-      "matchUpdateTypes": ["minor"],
+      ],
-      "automerge": true,
+      matchCurrentVersion: '>=1.0.0',
-      "groupName": "compatible",
+      matchUpdateTypes: [
+        'minor',
+      ],
+      automerge: true,
+      groupName: 'compatible',
     },
   ],
 }

.github/settings.yml

@@ -1,38 +1,45 @@
 # These settings are synced to GitHub by https://probot.github.io/apps/settings/
 
 repository:
-  description: Source code spell checker
+  description: "Source code spell checker"
-  topics: rust cli code-quality spell-checker
+  topics: "rust cli code-quality spell-checker"
   has_issues: true
   has_projects: false
-  has_wiki: true
+  has_wiki: false
   has_downloads: true
   default_branch: master
 
-  allow_squash_merge: true
+  # Preference: people do clean commits
   allow_merge_commit: true
-  allow_rebase_merge: true
+  # Backup in case we need to clean up commits
+  allow_squash_merge: true
+  # Not really needed
+  allow_rebase_merge: false
 
-  # Manual: allow_auto_merge: true, see https://github.com/probot/settings/issues/402
+  allow_auto_merge: true
   delete_branch_on_merge: true
 
+  squash_merge_commit_title: "PR_TITLE"
+  squash_merge_commit_message: "PR_BODY"
+  merge_commit_message: "PR_BODY"
+
 labels:
   # Type
   - name: bug
     color: '#b60205'
-    description: Not as expected
+    description: "Not as expected"
   - name: enhancement
     color: '#1d76db'
-    description: Improve the expected
+    description: "Improve the expected"
   # Flavor
   - name: question
     color: "#cc317c"
-    description: Uncertainty is involved
+    description: "Uncertainty is involved"
   - name: breaking-change
     color: "#e99695"
   - name: good first issue
     color: '#c2e0c6'
-    description: Help wanted!
+    description: "Help wanted!"
 
 branches:
   - name: master

.github/workflows/audit.yml

@@ -1,21 +1,49 @@
 name: Security audit
+
+permissions:
+  contents: read
+
 on:
   pull_request:
     paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
   push:
-    paths:
+    branches:
-      - '**/Cargo.toml'
+    - master
-      - '**/Cargo.lock'
+
-  schedule:
+env:
-  - cron: '3 3 3 * *'
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   security_audit:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
     runs-on: ubuntu-latest
+    # Prevent sudden announcement of a new advisory from failing ci:
+    continue-on-error: true
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - uses: actions-rs/audit-check@v1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
+
+  cargo_deny:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - bans licenses sources
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        command: check ${{ matrix.checks }}
+        rust-version: stable

.github/workflows/ci.yml

@@ -1,23 +1,23 @@
-name: ci
+name: CI
+
+permissions:
+  contents: read
+
 on:
   pull_request:
-    paths:
-    - '**'
-    - '!/*.md'
-    - '!/docs/**'
-    - "!/LICENSE-*"
   push:
     branches:
     - master
-    paths:
+
-    - '**'
+env:
-    - '!/*.md'
+  RUST_BACKTRACE: 1
-    - '!/docs/**'
+  CARGO_TERM_COLOR: always
-    - "!/LICENSE-*"
+  CLICOLOR: 1
-  schedule:
+
-  - cron: '3 3 3 * *'
 jobs:
   ci:
+    permissions:
+      contents: none
     name: CI
     needs: [test, msrv, docs, rustfmt, clippy]
     runs-on: ubuntu-latest
@@ -36,11 +36,9 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Build
       run: cargo test --no-run --workspace --all-features
@@ -51,17 +49,15 @@ jobs:
     - name: No-default features
       run: cargo test --workspace --no-default-features
   msrv:
-    name: "Check MSRV: 1.64.0"
+    name: "Check MSRV: 1.65.0"
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
+        toolchain: 1.65.0  # MSRV
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Default features
       run: cargo check --workspace --all-targets
@@ -69,6 +65,18 @@ jobs:
       run: cargo check --workspace --all-targets --all-features
     - name: No-default features
       run: cargo check --workspace --all-targets --no-default-features
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        toolchain: stable
+    - uses: Swatinem/rust-cache@v2
+    - name: "Is lockfile updated?"
+      run: cargo fetch --locked
   docs:
     name: Docs
     runs-on: ubuntu-latest
@@ -76,11 +84,9 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: stable
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Check documentation
       env:
@@ -93,13 +99,11 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         # Not MSRV because its harder to jump between versions and people are
         # more likely to have stable
         toolchain: stable
-        profile: minimal
-        override: true
         components: rustfmt
     - uses: Swatinem/rust-cache@v2
     - name: Check formatting
@@ -107,18 +111,32 @@ jobs:
   clippy:
     name: clippy
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write # to upload sarif results
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
+        toolchain: 1.65.0  # MSRV
-        profile: minimal
-        override: true
         components: clippy
     - uses: Swatinem/rust-cache@v2
-    - uses: actions-rs/clippy-check@v1
+    - name: Install SARIF tools
+      run: cargo install clippy-sarif --version 0.3.4 --locked  # Held back due to msrv
+    - name: Install SARIF tools
+      run: cargo install sarif-fmt --version 0.3.4 --locked # Held back due to msrv
+    - name: Check
+      run: >
+        cargo clippy --workspace --all-features --all-targets --message-format=json -- -D warnings --allow deprecated
+        | clippy-sarif
+        | tee clippy-results.sarif
+        | sarif-fmt
+      continue-on-error: true
+    - name: Upload
+      uses: github/codeql-action/upload-sarif@v2
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
+        sarif_file: clippy-results.sarif
-        args: --workspace --all-features --all-targets -- -D warnings --allow deprecated
+        wait-for-processing: true
+    - name: Report status
+      run: cargo clippy --workspace --all-features --all-targets -- -D warnings --allow deprecated

.github/workflows/committed.yml

@@ -3,6 +3,14 @@
 name: Lint Commits
 on: [pull_request]
 
+permissions:
+  contents: read
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   committed:
     name: Lint Commits

.github/workflows/pre-commit.yml

@@ -0,0 +1,23 @@
+name: pre-commit
+
+permissions: {} # none
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
+jobs:
+  pre-commit:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+    - uses: pre-commit/action@v3.0.0

.github/workflows/rust-next.yml

@@ -1,7 +1,17 @@
 name: rust-next
+
+permissions:
+  contents: read
+
 on:
   schedule:
   - cron: '3 3 3 * *'
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   test:
     name: Test
@@ -18,63 +28,32 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
-    - name: Build
-      run: cargo test --no-run --workspace --all-features
     - name: Default features
       run: cargo test --workspace
     - name: All features
       run: cargo test --workspace --all-features
     - name: No-default features
       run: cargo test --workspace --no-default-features
-  rustfmt:
+  latest:
-    name: rustfmt
+    name: "Check latest dependencies"
-    strategy:
-      matrix:
-        rust:
-        - stable
-        - beta
-    continue-on-error: ${{ matrix.rust != 'stable' }}
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: ${{ matrix.rust }}
+        toolchain: stable
-        profile: minimal
-        override: true
-        components: rustfmt
     - uses: Swatinem/rust-cache@v2
-    - name: Check formatting
+    - name: Update dependencues
-      run: cargo fmt --all -- --check
+      run: cargo update
-  clippy:
+    - name: Default features
-    name: clippy
+      run: cargo test --workspace --all-targets
-    strategy:
+    - name: All features
-      matrix:
+      run: cargo test --workspace --all-targets --all-features
-        rust:
+    - name: No-default features
-        - 1.64.0  # MSRV
+      run: cargo test --workspace --all-targets --no-default-features
-        - stable
-    continue-on-error: ${{ matrix.rust != '1.64.0' }}  # MSRV
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-    - name: Install Rust
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
-        components: clippy
-    - uses: Swatinem/rust-cache@v2
-    - uses: actions-rs/clippy-check@v1
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        args: --workspace --all-features --all-targets -- -D warnings

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
+    rev: v4.4.0
     hooks:
     - id: check-yaml
       stages: [commit]
@@ -14,3 +14,8 @@ repos:
       stages: [commit]
     - id: detect-private-key
       stages: [commit]
+  - repo: https://github.com/crate-ci/committed
+    rev: v1.0.20
+    hooks:
+    - id: committed
+      stages: [commit-msg]

CHANGELOG.md

@@ -20,8 +20,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixes
 
 - Set bad exit code on disallowed words
-- Allow `Nd` in man pages
+- Allow `And` in man pages
-- Allow `nd` in CSS
+- Allow `and` in CSS
 - Allow `ot` and `stap` in sh
 
 ## [1.16.2] - 2023-08-01
@@ -221,13 +221,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixes
 
 - Correct `existend` to `existent` in addition to `existed`
-- Correct `erronerous` to `erroneous`
+- Correct `erroneous` to `erroneous`
 
 ## [1.13.21] - 2023-03-13
 
 ### Fixes
 
-- Correct `empheral` to `ephemeral`
+- Correct `ephemeral` to `ephemeral`
 - Ignore `go.mod` by default
 - Ensure pre-commit isn't slow to install
 
@@ -273,7 +273,7 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct `grouepd` to `grouped`
+- Correct `grouped` to `grouped`
 
 ## [1.13.12] - 2023-02-23
 
@@ -291,21 +291,21 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct `detctable` & `seaonal` & `wayferer`
+- Correct `detectable` & `seasonal` & `wayfarer`
 
 ## [1.13.9] - 2023-01-25
 
 ### Fixes
 
-- Correct `regylar` -> `regular`
+- Correct `regular` -> `regular`
-- Do not correct substitutents
+- Do not correct substituents
 - Do not correct substituters
 
 ## [1.13.8] - 2023-01-16
 
 ### Fixes
 
-- Correct serialzie -> serialize
+- Correct serialize -> serialize
 
 ## [1.13.7] - 2023-01-14
 
@@ -359,13 +359,13 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct decreypted -> decrypted
+- Correct decrypted -> decrypted
 
 ## [1.12.11] - 2022-10-20
 
 ### Fixes
 
-- Correct `wrappning`
+- Correct `wrapping`
 
 ## [1.12.10] - 2022-10-11
 
@@ -377,7 +377,7 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct `whaat` to `what`
+- Correct `what` to `what`
 
 ## [1.12.8] - 2022-09-28
 
@@ -395,19 +395,19 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct `pararmeter` to `parameter`
+- Correct `parameter` to `parameter`
 
 ## [1.12.5] - 2022-09-15
 
 ### Fixes
 
-- Correct `stte` to `state`
+- Correct `state` to `state`
 
 ## [1.12.4] - 2022-09-08
 
 ### Fixes
 
-- Don't correct `NDArray` in Python
+- Don't correct `ANDArray` in Python
 
 ## [1.12.3] - 2022-09-06
 
@@ -457,8 +457,8 @@ Publish to PyPI (first attempt)
 
 - Correct "inappropriate[ly]"
 - Ignore `thead` tag only in HTML
-- Ignore `windo` in vim
+- Ignore `window` in vim
-- Narrow scope of ignoring `flate` to the `flate2` identifier
+- Narrow scope of ignoring `flat` to the `flat2` identifier
 
 ## [1.11.1] - 2022-08-16
 
@@ -466,7 +466,7 @@ Publish to PyPI (first attempt)
 
 - Don't correct `thead` tag
 - Correct `deffer` to either `differ` or `defer`
-- Correct `opauqe` to `opaque`
+- Correct `opaque` to `opaque`
 
 ## [1.11.0] - 2022-08-13
 
@@ -478,7 +478,7 @@ Publish to PyPI (first attempt)
 
 ### Fixes
 
-- Correct `anonimised`, `anonimized`
+- Correct `anonymised`, `anonymized`
 
 ## [1.10.2] - 2022-06-22
 
@@ -525,7 +525,7 @@ Publish to PyPI (first attempt)
 ### Fixes
 
 - Fix alignment in reports for numbers, broken in 1.7.2
-- Correct `identitiy`
+- Correct `identity`
 
 ## [1.7.2] - 2022-04-28
 
@@ -539,8 +539,8 @@ Publish to PyPI (first attempt)
 ### Fixes
 
 - Ignore uppercase UUID because Microsoft
-- Correct `unencyrpted`
+- Correct `unencrypted`
-- Correct `signign`
+- Correct `signing`
 
 ## [1.7.0] - 2022-04-18
 
@@ -616,8 +616,8 @@ Publish to PyPI (first attempt)
 
 #### Fixes
 
-- Correct "requierment" to "requirement", not "requirements"
+- Correct "requirement" to "requirement", not "requirements"
-- Correct "descrepancy" to "discrepancy"
+- Correct "discrepancy" to "discrepancy"
 
 ## [1.3.1] - 2021-11-16
 
@@ -663,7 +663,7 @@ Note: MSRV is now 1.54
 
 #### Bug Fixes
 
-- Add `instantialed` typo
+- Add `instantiated` typo
 
 ## [1.1.5] - 2021-08-04
 
@@ -792,7 +792,7 @@ Note: MSRV is now 1.54
 - Check for word variations when also correcting a word
 - Correct `ther` as not just `there` but also `the` and `their` (based on misspelling in Linux)
 - Don't correct `hardlinked`
-- `refernce` should correct to `reference` and not `references`
+- `reference` should correct to `reference` and not `references`
 
 #### Performance
 

Cargo.toml

@@ -9,8 +9,9 @@ resolver = "2"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/crate-ci/typos"
 edition = "2021"
-rust-version = "1.64.0"  # MSRV
+rust-version = "1.65.0"  # MSRV
 include = [
+  "build.rs",
   "src/**/*",
   "Cargo.toml",
   "Cargo.lock",

LICENSE-MIT

@@ -1,4 +1,4 @@
-Copyright (c) 2019 Individual contributors
+Copyright (c) Individual contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -77,16 +77,16 @@ To mark a word or an identifier (grouping of words) as valid, add it your [`_typ
 [default]
 extend-ignore-identifiers-re = [
     # *sigh* this just isn't worth the cost of fixing
-    "AttributeID.*Supress.*",
+    "AttributeID.*Suppress.*",
 ]
 
 [default.extend-identifiers]
 # *sigh* this just isn't worth the cost of fixing
-AttributeIDSupressMenu = "AttributeIDSupressMenu"
+AttributeIDSuppressMenu = "AttributeIDSuppressMenu"
 
 [default.extend-words]
-# Don't correct the surname "Teh"
+# Don't correct the surname "The"
-teh = "teh"
+the = "the"
 ```
 
 For cases like localized content, you can disable spell checking of file contents while still checking the file name:

crates/typos-cli/src/dict.rs

@@ -44,9 +44,9 @@ impl BuiltIn {
         } else {
             self.correct_with_vars(word_case)?
         };
-        corrections
+        for s in corrections.corrections_mut() {
-            .corrections_mut()
+            case_correct(s, word_token.case())
-            .for_each(|s| case_correct(s, word_token.case()));
+        }
         Some(corrections)
     }
 }
@@ -290,7 +290,7 @@ mod test {
     fn test_dict_correct() {
         let dict = BuiltIn::new(crate::config::Locale::default());
         let correction = dict.correct_word(typos::tokens::Word::new_unchecked(
-            "finallizes",
+            "finalizes",
             typos::tokens::Case::Lower,
             0,
         ));
@@ -344,7 +344,7 @@ mod test {
     fn test_dict_to_varcon() {
         let dict = BuiltIn::new(crate::config::Locale::EnGb);
         let correction = dict.correct_word(typos::tokens::Word::new_unchecked(
-            "finallizes",
+            "finalizes",
             typos::tokens::Case::Lower,
             0,
         ));

crates/typos-cli/src/file_type.rs

@@ -127,7 +127,7 @@ impl Types {
         let mut mpath = Path::new(path);
         let mut matches = self.matches.get_or_default().borrow_mut();
         loop {
-            self.set.matches_into(mpath.file_name()?, &mut *matches);
+            self.set.matches_into(mpath.file_name()?, &mut matches);
             if !matches.is_empty() {
                 break;
             }

deny.toml

@@ -0,0 +1,139 @@
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+# The lint level for security vulnerabilities
+vulnerability = "deny"
+# The lint level for unmaintained crates
+unmaintained = "warn"
+# The lint level for crates that have been yanked from their source registry
+yanked = "warn"
+# The lint level for crates with security notices. Note that as of
+# 2019-12-17 there are no security notice advisories in
+# https://github.com/rustsec/advisory-db
+notice = "warn"
+# A list of advisory IDs to ignore. Note that ignored advisories will still
+# output a note when they are encountered.
+#
+# e.g. "RUSTSEC-0000-0000",
+ignore = [
+]
+
+# This section is considered when running `cargo deny check licenses`
+# More documentation for the licenses section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
+allow = [
+    "MIT",
+    "MIT-0",
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "MPL-2.0",
+    "Unicode-DFS-2016",
+    "CC0-1.0",
+]
+# List of explicitly disallowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
+deny = [
+]
+# Lint level for licenses considered copyleft
+copyleft = "deny"
+# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
+# * both - The license will be approved if it is both OSI-approved *AND* FSF
+# * either - The license will be approved if it is either OSI-approved *OR* FSF
+# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
+# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
+# * neither - This predicate is ignored and the default lint level is used
+allow-osi-fsf-free = "neither"
+# Lint level used when no other predicates are matched
+# 1. License isn't in the allow or deny lists
+# 2. License isn't copyleft
+# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
+default = "deny"
+# The confidence threshold for detecting a license from license text.
+# The higher the value, the more closely the license text must be to the
+# canonical license text of a valid SPDX license file.
+# [possible values: any between 0.0 and 1.0].
+confidence-threshold = 0.8
+# Allow 1 or more licenses on a per-crate basis, so that particular licenses
+# aren't accepted for every possible crate as with the normal allow list
+exceptions = [
+    # Each entry is the crate and version constraint, and its specific allow
+    # list
+    #{ allow = ["Zlib"], name = "adler32", version = "*" },
+]
+
+[licenses.private]
+# If true, ignores workspace crates that aren't published, or are only
+# published to private registries.
+# To see how to mark a crate as unpublished (to the official registry),
+# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
+ignore = true
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "warn"
+# Lint level for when a crate version requirement is `*`
+wildcards = "deny"
+# The graph highlighting used when creating dotgraphs for crates
+# with multiple versions
+# * lowest-version - The path to the lowest versioned duplicate is highlighted
+# * simplest-path - The path to the version with the fewest edges is highlighted
+# * all - Both lowest-version and simplest-path are used
+highlight = "all"
+# The default lint level for `default` features for crates that are members of
+# the workspace that is being checked. This can be overridden by allowing/denying
+# `default` on a crate-by-crate basis if desired.
+workspace-default-features = "allow"
+# The default lint level for `default` features for external crates that are not
+# members of the workspace. This can be overridden by allowing/denying `default`
+# on a crate-by-crate basis if desired.
+external-default-features = "allow"
+# List of crates that are allowed. Use with care!
+allow = [
+    #{ name = "ansi_term", version = "=0.11.0" },
+]
+# List of crates to deny
+deny = [
+    # Each entry the name of a crate and a version range. If version is
+    # not specified, all versions will be matched.
+    #{ name = "ansi_term", version = "=0.11.0" },
+    #
+    # Wrapper crates can optionally be specified to allow the crate when it
+    # is a direct dependency of the otherwise banned crate
+    #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
+]
+
+# This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not
+# in the allow list is encountered
+unknown-registry = "deny"
+# Lint level for what to happen when a crate from a git repository that is not
+# in the allow list is encountered
+unknown-git = "deny"
+# List of URLs for allowed crate registries. Defaults to the crates.io index
+# if not specified. If it is specified but empty, no registries are allowed.
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+# List of URLs for allowed Git repositories
+allow-git = []
+
+[sources.allow-org]
+# 1 or more github.com organizations to allow git sources for
+github = []