156 lines
5.4 KiB
TOML
156 lines
5.4 KiB
TOML
# Note that all fields that take a lint level have these possible values:
|
|
# * deny - An error will be produced and the check will fail
|
|
# * warn - A warning will be produced, but the check will not fail
|
|
# * allow - No warning or error will be produced, though in some cases a note
|
|
# will be
|
|
|
|
# This section is considered when running `cargo deny check bans`.
|
|
# More documentation about the 'bans' section can be found here:
|
|
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
|
|
[bans]
|
|
# Lint level for when multiple versions of the same crate are detected
|
|
multiple-versions = "deny"
|
|
|
|
# Don't allow wildcard ("any version") dependencies
|
|
wildcards = "deny"
|
|
# Allow private and dev wildcard dependencies.
|
|
# Switch this to `false` when #6924 is implemented.
|
|
allow-wildcard-paths = true
|
|
|
|
# The graph highlighting used when creating dotgraphs for crates
|
|
# with multiple versions
|
|
# * lowest-version - The path to the lowest versioned duplicate is highlighted
|
|
# * simplest-path - The path to the version with the fewest edges is highlighted
|
|
# * all - Both lowest-version and simplest-path are used
|
|
highlight = "all"
|
|
|
|
# List of crates that are allowed. Use with care!
|
|
#allow = [
|
|
#]
|
|
|
|
# List of crates that can never become Zebra dependencies.
|
|
deny = [
|
|
# Often has memory safety vulnerabilities.
|
|
# Enabled by --all-features, use the `cargo hack` script in the deny.toml CI job instead.
|
|
{ name = "openssl" },
|
|
{ name = "openssl-sys" },
|
|
]
|
|
|
|
# We only use this for some `librustzcash` and `orchard` crates.
|
|
# If we add a crate here, duplicate dependencies of that crate are still shown.
|
|
#
|
|
# Certain crates/versions that will be skipped when doing duplicate detection.
|
|
skip = [
|
|
]
|
|
|
|
# Similarly to `skip` allows you to skip certain crates during duplicate
|
|
# detection. Unlike skip, it also includes the entire tree of transitive
|
|
# dependencies starting at the specified crate, up to a certain depth, which is
|
|
# by default infinite
|
|
skip-tree = [
|
|
# wait for ordered-map to release a dependency fix
|
|
{ name = "ordered-map", version = "=0.4.2" },
|
|
|
|
# wait for primitive-types to upgrade
|
|
{ name = "proc-macro-crate", version = "=0.1.5" },
|
|
|
|
# wait for prost-build to upgrade
|
|
{ name = "prettyplease", version = "=0.1.25" },
|
|
|
|
# wait for criterion to upgrade
|
|
{ name = "itertools", version = "=0.10.5" },
|
|
|
|
# wait for backtrace and multiple dependents to upgrade
|
|
{ name = "miniz_oxide", version = "=0.6.2" },
|
|
|
|
# wait for h2 and tower to upgrade
|
|
{ name = "indexmap", version = "=1.9.3" },
|
|
|
|
# ZF crates
|
|
|
|
# wait for zcashd and zcash_script to upgrade
|
|
# https://github.com/ZcashFoundation/zcash_script/pulls
|
|
{ name = "metrics", version = "=0.20.1" },
|
|
{ name = "sha2", version = "=0.9.9" },
|
|
|
|
# wait for ed25519-zebra, indexmap, metrics-util, and metrics to upgrade
|
|
# ed25519-zebra/hashbrown: https://github.com/ZcashFoundation/ed25519-zebra/pull/65
|
|
{ name = "ahash", version = "=0.7.6" },
|
|
|
|
# wait for indexmap, toml_edit, serde_json, tower to upgrade
|
|
{ name = "hashbrown", version = "=0.12.3" },
|
|
# wait for metrics-exporter-prometheus to upgrade
|
|
{ name = "hashbrown", version = "=0.13.2" },
|
|
|
|
# ECC crates
|
|
|
|
# wait for zcash_primitives to remove duplicated dependencies
|
|
{ name = "block-buffer", version = "=0.9.0" },
|
|
|
|
# wait for zcash_address to upgrade
|
|
{ name = "bs58", version = "=0.4.0" },
|
|
|
|
# wait for minreq and zcash_proofs to upgrade
|
|
{ name = "rustls", version = "=0.20.8" },
|
|
|
|
# zebra-utils dependencies
|
|
|
|
# wait for structopt upgrade (or upgrade to clap 4)
|
|
{ name = "clap", version = "=2.34.0" },
|
|
{ name = "heck", version = "=0.3.3" },
|
|
|
|
# Test-only dependencies
|
|
|
|
# wait for tokio-test -> tokio-stream to upgrade
|
|
{ name = "tokio-util", version = "=0.6.10" },
|
|
|
|
# wait for proptest-derive to upgrade proc-macro2 and syn
|
|
{ name = "unicode-xid", version = "=0.1.0"},
|
|
|
|
# wait for console-subscriber and tower to update hdrhistogram.
|
|
# also wait for ron to update insta, and wait for tonic update.
|
|
{ name = "base64", version = "=0.13.1" },
|
|
|
|
# wait for proptest's rusty-fork dependency to upgrade quick-error
|
|
{ name = "quick-error", version = "=1.2.3" },
|
|
|
|
# Optional dependencies
|
|
|
|
# upgrade abscissa (required dependency) and arti (optional dependency)
|
|
{ name = "semver", version = "=0.9.0" },
|
|
|
|
# wait for packed_simd_2 to upgrade
|
|
{ name = "libm", version = "=0.1.4" },
|
|
|
|
# Elasticsearch dependencies
|
|
|
|
# wait for elasticsearch to update base64, darling, rustc_version, serde_with
|
|
{ name = "elasticsearch", version = "=8.5.0-alpha.1" },
|
|
|
|
# Unused dependencies
|
|
|
|
# we don't support Windows at the moment (#3801)
|
|
{ name = "windows-sys", version = "=0.42.0" },
|
|
]
|
|
|
|
# This section is considered when running `cargo deny check sources`.
|
|
# More documentation about the 'sources' section can be found here:
|
|
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
|
|
[sources]
|
|
# Lint level for what to happen when a crate from a crate registry that is not
|
|
# in the allow list is encountered
|
|
unknown-registry = "deny"
|
|
# Lint level for what to happen when a crate from a git repository that is not
|
|
# in the allow list is encountered
|
|
unknown-git = "deny"
|
|
# List of URLs for allowed crate registries. Defaults to the crates.io index
|
|
# if not specified. If it is specified but empty, no registries are allowed.
|
|
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
|
|
# List of URLs for allowed Git repositories
|
|
allow-git = [
|
|
]
|
|
|
|
[sources.allow-org]
|
|
github = [
|
|
]
|