forked from ZcashFoundation/zebra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
deny.toml
144 lines (111 loc) · 4.98 KB
/
deny.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "deny"
# Don't allow wildcard ("any version") dependencies
wildcards = "deny"
# Allow private and dev wildcard dependencies.
# Switch this to `false` when #6924 is implemented.
allow-wildcard-paths = true
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
#allow = [
#]
# List of crates that can never become Zebra dependencies.
deny = [
# Often has memory safety vulnerabilities.
# Enabled by --all-features, use the `cargo hack` script in the deny.toml CI job instead.
{ name = "openssl" },
{ name = "openssl-sys" },
]
# We only use this for some `librustzcash` and `orchard` crates.
# If we add a crate here, duplicate dependencies of that crate are still shown.
#
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = [
# wait for ordered-map to release a dependency fix
{ name = "ordered-map", version = "=0.4.2" },
# wait for primitive-types to upgrade
{ name = "proc-macro-crate", version = "=0.1.5" },
# wait for criterion to upgrade
{ name = "itertools", version = "=0.10.5" },
# wait for h2 and tower to upgrade
{ name = "indexmap", version = "=1.9.3" },
# wait for rocksdb to upgrade
{ name = "bindgen", version = "=0.65.1" },
# wait for tracing and many other crates to upgrade
# this duplicate dependency currently only exists in testing builds
{ name = "regex-syntax", version = "=0.6.29" },
# wait for `parking_lot` crate inside `jsonrpc-http-server` to upgrade
{ name = "redox_syscall", version = "=0.2.16" },
# wait for `color-eyre` to upgrade
{ name = "owo-colors", version = "=3.5.0" },
# ZF crates
# wait for indexmap, toml_edit, serde_json, tower to upgrade
{ name = "hashbrown", version = "=0.12.3" },
# wait for zcash_script to upgrade
{ name = "metrics", version = "=0.21.1" },
# ECC crates
# wait for hdwallet to upgrade
{ name = "ring", version = "=0.16.20" },
# zebra-utils dependencies
# wait for structopt upgrade (or upgrade to clap 4)
{ name = "clap", version = "=2.34.0" },
{ name = "heck", version = "=0.3.3" },
# wait for abscissa_core to upgrade
{name = "tracing-log", version = "=0.1.4" },
# wait for prost to upgrade
{name = "itertools", version = "=0.11.0" },
# Test-only dependencies
# wait for tokio-test -> tokio-stream to upgrade
{ name = "tokio-util", version = "=0.6.10" },
# wait for console-subscriber and tower to update hdrhistogram.
# also wait for ron to update insta, and wait for tonic update.
{ name = "base64", version = "=0.13.1" },
{ name = "windows-sys", version = "=0.45.0" },
# wait for proptest's rusty-fork dependency to upgrade quick-error
{ name = "quick-error", version = "=1.2.3" },
# Optional dependencies
# upgrade abscissa (required dependency) and arti (optional dependency)
{ name = "semver", version = "=0.9.0" },
# Elasticsearch dependencies
# wait for elasticsearch to update base64, darling, rustc_version, serde_with
{ name = "elasticsearch", version = "=8.5.0-alpha.1" },
]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = [
]
[sources.allow-org]
github = [
]