chore: update example config with ratelimit opts; format TOML

Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Iefb657f4564caa8fd9a0ec375522c4726a6a6964
2026-03-08 01:06:57 +03:00 · 2026-03-08 01:06:57 +03:00 · cb10c84809
commit cb10c84809
parent 99b3c01d22
4 changed files with 96 additions and 72 deletions
--- a/.deny.toml
+++ b/.deny.toml
@ -23,13 +23,13 @@
 # dependencies not shared by any other crates, would be ignored, as the target
 # list here is effectively saying which targets you are building for.
 targets = [
-    # The triple can be any string, but only the target triples built in to
-    # rustc (as of 1.40) can be checked against actual config expressions
-    #"x86_64-unknown-linux-musl",
-    # You can also specify which target_features you promise are enabled for a
-    # particular target. target_features are currently not validated against
-    # the actual valid features supported by the target architecture.
-    #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
+  # The triple can be any string, but only the target triples built in to
+  # rustc (as of 1.40) can be checked against actual config expressions
+  #"x86_64-unknown-linux-musl",
+  # You can also specify which target_features you promise are enabled for a
+  # particular target. target_features are currently not validated against
+  # the actual valid features supported by the target architecture.
+  #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
 ]
 # When creating the dependency graph used as the source of truth when checks are
 # executed, this field can be used to prune crates from the graph, removing them
@ -70,23 +70,23 @@ feature-depth = 1
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
-    # Dioxus pulls a whole bunch of GTK3 dependencies that are all deprecated and
-    # marked insecure. Unfortunately, there doesn't seem to be a GTK4 migration
-    # in sight, so we'll have to ignore them for now.
-    { id = "RUSTSEC-2024-0370", reason = "Used by GTK3 and there is no alternative!"},
-    { id = "RUSTSEC-2024-0411", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0412", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0413", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0415", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0416", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0418", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0419", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!"}
+  # Dioxus pulls a whole bunch of GTK3 dependencies that are all deprecated and
+  # marked insecure. Unfortunately, there doesn't seem to be a GTK4 migration
+  # in sight, so we'll have to ignore them for now.
+  { id = "RUSTSEC-2024-0370", reason = "Used by GTK3 and there is no alternative!" },
+  { id = "RUSTSEC-2024-0411", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0412", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0413", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0415", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0416", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0418", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0419", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!" },

-    #"RUSTSEC-0000-0000",
-    #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
-    #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
-    #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
+  #"RUSTSEC-0000-0000",
+  #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
+  #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
+  #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.
@ -120,9 +120,9 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-    # Each entry is the crate and version constraint, and its specific allow
-    # list
-    #{ allow = ["Zlib"], crate = "adler32" },
+  # Each entry is the crate and version constraint, and its specific allow
+  # list
+  #{ allow = ["Zlib"], crate = "adler32" },
 ]

 # Some crates don't have (easily) machine readable licensing information,
@ -153,7 +153,7 @@ ignore = false
 # is only published to private registries, and ignore is true, the crate will
 # not have its license(s) checked
 registries = [
-    #"https://sekretz.com/registry
+  #"https://sekretz.com/registry
 ]

 # This section is considered when running `cargo deny check bans`.
@ -180,8 +180,8 @@ workspace-default-features = "allow"
 external-default-features = "allow"
 # List of crates that are allowed. Use with care!
 allow = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
 ]
 # If true, workspace members are automatically allowed even when using deny-by-default
 # This is useful for organizations that want to deny all external dependencies by default
@ -189,11 +189,11 @@ allow = [
 allow-workspace = false
 # List of crates to deny
 deny = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
-    # Wrapper crates can optionally be specified to allow the crate when it
-    # is a direct dependency of the otherwise banned crate
-    #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
+  # Wrapper crates can optionally be specified to allow the crate when it
+  # is a direct dependency of the otherwise banned crate
+  #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
 ]

 # List of features to allow/deny
@ -221,16 +221,16 @@ deny = [

 # Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
 ]
 # Similarly to `skip` allows you to skip certain crates during duplicate
 # detection. Unlike skip, it also includes the entire tree of transitive
 # dependencies starting at the specified crate, up to a certain depth, which is
 # by default infinite.
 skip-tree = [
-    #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
-    #{ crate = "ansi_term@0.11.0", depth = 20 },
+  #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
+  #{ crate = "ansi_term@0.11.0", depth = 20 },
 ]

 # This section is considered when running `cargo deny check sources`.