# Note that all fields that take a lint level have these possible values: # * deny - An error will be produced and the check will fail # * warn - A warning will be produced, but the check will not fail # * allow - No warning or error will be produced, though in some cases a note # will be # This section is considered when running `cargo deny check bans`. # More documentation about the 'bans' section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html [bans] # Lint level for when multiple versions of the same crate are detected multiple-versions = "deny" # Don't allow wildcard ("any version") dependencies # TODO: Change to `deny` after we upgrade to crates.io version of the ECC dependencies (#8749). wildcards = "allow" # Allow private and dev wildcard dependencies. # Switch this to `false` when #6924 is implemented. allow-wildcard-paths = true # The graph highlighting used when creating dotgraphs for crates # with multiple versions # * lowest-version - The path to the lowest versioned duplicate is highlighted # * simplest-path - The path to the version with the fewest edges is highlighted # * all - Both lowest-version and simplest-path are used highlight = "all" # List of crates that are allowed. Use with care! #allow = [ #] # List of crates that can never become Zebra dependencies. deny = [ # Often has memory safety vulnerabilities. # Enabled by --all-features, use the `cargo hack` script in the deny.toml CI job instead. { name = "openssl" }, { name = "openssl-sys" }, ] # We only use this for some `librustzcash` and `orchard` crates. # If we add a crate here, duplicate dependencies of that crate are still shown. # # Certain crates/versions that will be skipped when doing duplicate detection. skip = [ ] # Similarly to `skip` allows you to skip certain crates during duplicate # detection. Unlike skip, it also includes the entire tree of transitive # dependencies starting at the specified crate, up to a certain depth, which is # by default infinite skip-tree = [ # wait for ordered-map to release a dependency fix { name = "ordered-map", version = "=0.4.2" }, # wait for primitive-types to upgrade { name = "proc-macro-crate", version = "=0.1.5" }, # wait for `color-eyre` to upgrade { name = "owo-colors", version = "=3.5.0" }, # wait for structopt upgrade (or upgrade to clap 4) { name = "clap", version = "=2.34.0" }, # wait for abscissa_core to upgrade {name = "tracing-log", version = "=0.1.4" }, # wait for tokio-test -> tokio-stream to upgrade { name = "tokio-util", version = "=0.6.10" }, # wait for console-subscriber and tower to update hdrhistogram. # also wait for ron to update insta, and wait for tonic update. { name = "base64", version = "=0.13.1" }, # wait for elasticsearch to update base64, darling, rustc_version, serde_with { name = "elasticsearch", version = "=8.5.0-alpha.1" }, # wait for reqwest to update base64 { name = "base64", version = "=0.21.7" }, { name = "sync_wrapper", version = "0.1.2" }, # wait for jsonrpc-http-server to update hyper or for Zebra to replace jsonrpc (#8682) { name = "h2", version = "=0.3.26" }, { name = "http", version = "=0.2.12" }, { name = "http-body", version = "=0.4.6" }, { name = "hyper", version = "=0.14.30" }, # TODO: Remove this after we upgrade ECC dependencies to a crates.io version (#8749) { name = "equihash", version = "=0.2.0" }, { name = "f4jumble", version = "=0.1.0" }, { name = "secp256k1", version = "=0.26.0" }, { name = "zcash_address", version = "=0.5.0" }, { name = "zcash_client_backend", version = "=0.13.0" }, # wait for structopt-derive to update heck { name = "heck", version = "=0.3.3" }, # wait for librocksdb-sys to update bindgen to one that uses newer itertools { name = "itertools", version = "=0.12.1" } ] # This section is considered when running `cargo deny check sources`. # More documentation about the 'sources' section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html [sources] # Lint level for what to happen when a crate from a crate registry that is not # in the allow list is encountered unknown-registry = "deny" # Lint level for what to happen when a crate from a git repository that is not # in the allow list is encountered unknown-git = "deny" # List of URLs for allowed crate registries. Defaults to the crates.io index # if not specified. If it is specified but empty, no registries are allowed. allow-registry = ["https://github.com/rust-lang/crates.io-index"] # List of URLs for allowed Git repositories allow-git = [ "https://github.com/zcash/librustzcash.git" ] [sources.allow-org] github = [ ]