# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be emitted
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
#
# Policy in short: duplicate crate versions and wildcard version requirements
# fail the check, the crates in `deny` may never appear in the dependency
# graph, and `skip` / `skip-tree` list the temporary exemptions from duplicate
# detection.
[bans]
# Lint level for when multiple versions of the same crate are detected.
# "deny" makes every duplicate fail the check unless it is exempted by `skip`
# or `skip-tree` below.
multiple-versions = "deny"
# Don't allow wildcard ("any version") dependencies
wildcards = "deny"
# Allow private and dev wildcard dependencies.
# Switch this to `false` when #6924 is implemented.
allow-wildcard-paths = true
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
# Left commented out, so no allow-list is in effect.
#allow = [
#]
# List of crates that can never become Zebra dependencies.
deny = [
# Often has memory safety vulnerabilities.
# Enabled by --all-features, use the `cargo hack` script in the deny.toml CI job instead.
# NOTE(review): presumably these crates only enter the graph when every feature
# is switched on at once, which is why the check is not run with --all-features;
# confirm against the CI job.
{ name = "openssl" },
{ name = "openssl-sys" },
]
# Certain crates/versions that will be skipped when doing duplicate detection.
#
# We only use this for some `librustzcash` and `orchard` crates.
# If we add a crate here, duplicate dependencies of that crate are still shown.
# The list is currently empty.
skip = [
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
#
# Every entry below uses an exact version requirement (`=x.y.z`), so an
# exemption stops matching as soon as the duplicate moves to another version
# and the entry has to be reviewed again.
#
# These entries only silence duplicate-version detection. Several of them are
# cryptographic or TLS crates (sha2, secp256k1, secp256k1-sys, rustls), so an
# older copy stays in the build until the named upstream upgrades; review those
# entries first when pruning this list.
# NOTE(review): no `[advisories]` table appears in the visible part of this
# file; confirm the versions exempted here are still covered by an advisory
# check.
skip-tree = [
# wait for ordered-map to release a dependency fix
{ name = "ordered-map", version = "=0.4.2" },
# wait for primitive-types to upgrade
{ name = "proc-macro-crate", version = "=0.1.5" },
# wait for prost-build to upgrade
{ name = "prettyplease", version = "=0.1.25" },
# wait for criterion to upgrade
{ name = "itertools", version = "=0.10.5" },
# wait for backtrace and multiple dependents to upgrade
{ name = "miniz_oxide", version = "=0.6.2" },
# wait for h2 and tower to upgrade
{ name = "indexmap", version = "=1.9.3" },
# ZF crates
# wait for zcashd and zcash_script to upgrade
# https://github.com/ZcashFoundation/zcash_script/pulls
{ name = "metrics", version = "=0.20.1" },
{ name = "sha2", version = "=0.9.9" },
# wait for ed25519-zebra, indexmap, metrics-util, and metrics to upgrade
# ed25519-zebra/hashbrown: https://github.com/ZcashFoundation/ed25519-zebra/pull/65
{ name = "ahash", version = "=0.7.6" },
# wait for indexmap, toml_edit, serde_json, tower to upgrade
{ name = "hashbrown", version = "=0.12.3" },
# wait for metrics-exporter-prometheus to upgrade
{ name = "hashbrown", version = "=0.13.2" },
# wait for zebra-chain to upgrade
{ name = "secp256k1", version = "=0.21.3" },
# wait for zebra-chain to upgrade `secp256k1`
{ name = "secp256k1-sys", version = "=0.4.2" },
# ECC crates
# wait for zcash_primitives to remove duplicated dependencies
{ name = "block-buffer", version = "=0.9.0" },
# wait for zcash_address to upgrade
{ name = "bs58", version = "=0.4.0" },
# wait for minreq and zcash_proofs to upgrade
{ name = "rustls", version = "=0.20.8" },
# zebra-utils dependencies
# wait for structopt upgrade (or upgrade to clap 4)
{ name = "clap", version = "=2.34.0" },
{ name = "heck", version = "=0.3.3" },
# Test-only dependencies
# wait for tokio-test -> tokio-stream to upgrade
{ name = "tokio-util", version = "=0.6.10" },
# wait for proptest-derive to upgrade proc-macro2 and syn
{ name = "unicode-xid", version = "=0.1.0"},
# wait for console-subscriber and tower to update hdrhistogram.
# also wait for ron to update insta, and wait for tonic update.
{ name = "base64", version = "=0.13.1" },
# wait for proptest's rusty-fork dependency to upgrade quick-error
{ name = "quick-error", version = "=1.2.3" },
# Optional dependencies
# upgrade abscissa (required dependency) and arti (optional dependency)
{ name = "semver", version = "=0.9.0" },
# Elasticsearch dependencies
# wait for elasticsearch to update base64, darling, rustc_version, serde_with
# This skips the whole dependency tree below the `elasticsearch` crate itself.
{ name = "elasticsearch", version = "=8.5.0-alpha.1" },
# Unused dependencies
# we don't support Windows at the moment (#3801)
{ name = "windows-sys", version = "=0.42.0" },
]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
#
# Policy in short: crates may only come from the crates.io index. Any other
# registry and any git source fails the check until it is allow-listed here.
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
# Listing the crates.io index explicitly keeps the policy visible in review.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
# Empty: combined with `unknown-git = "deny"`, every git dependency fails the
# check until its repository URL is added here.
allow-git = [
]
# Organizations whose repositories are allowed as git sources, per hosting
# site. An entry here trusts every repository in that organization, so adding
# a single repository URL to `allow-git` is the narrower exemption.
[sources.allow-org]
# GitHub organizations allowed as git sources. Empty: none are trusted.
github = [
]