zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zebra/deny.toml

150 lines
5.8 KiB
TOML
Raw Permalink Blame History

# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "deny"
# Don't allow wildcard ("any version") dependencies
# TODO: Change to `deny` after we upgrade to crates.io version of the ECC dependencies (#8749).
wildcards = "allow"
# Allow private and dev wildcard dependencies.
# Switch this to `false` when #6924 is implemented.
allow-wildcard-paths = true
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
#allow = [
#]
# List of crates that can never become Zebra dependencies.
deny = [
# Often has memory safety vulnerabilities.
# Enabled by --all-features, use the `cargo hack` script in the deny.toml CI job instead.
{ name = "openssl" },
{ name = "openssl-sys" },
]
# We only use this for some `librustzcash` and `orchard` crates.
# If we add a crate here, duplicate dependencies of that crate are still shown.
#
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = [
# wait for ordered-map to release a dependency fix
{ name = "ordered-map", version = "=0.4.2" },
# wait for primitive-types to upgrade
{ name = "proc-macro-crate", version = "=0.1.5" },
# wait for `color-eyre` to upgrade
{ name = "owo-colors", version = "=3.5.0" },
# wait for structopt upgrade (or upgrade to clap 4)
{ name = "clap", version = "=2.34.0" },
# wait for abscissa_core to upgrade
{name = "tracing-log", version = "=0.1.4" },
# wait for tokio-test -> tokio-stream to upgrade
{ name = "tokio-util", version = "=0.6.10" },
# wait for console-subscriber and tower to update hdrhistogram.
# also wait for ron to update insta, and wait for tonic update.
{ name = "base64", version = "=0.13.1" },
# wait for elasticsearch to update base64, darling, rustc_version, serde_with
{ name = "elasticsearch", version = "=8.5.0-alpha.1" },
# wait for reqwest to update base64
{ name = "base64", version = "=0.21.7" },
{ name = "sync_wrapper", version = "0.1.2" },
# wait for jsonrpc-http-server to update hyper or for Zebra to replace jsonrpc (#8682)
{ name = "h2", version = "=0.3.26" },
{ name = "http", version = "=0.2.12" },
{ name = "http-body", version = "=0.4.6" },
{ name = "hyper", version = "=0.14.31" },
{ name = "hyper-rustls", version = "=0.24.2" },
{ name = "reqwest", version = "=0.11.27" },
{ name = "rustls", version = "=0.21.12" },
{ name = "rustls-pemfile", version = "=1.0.4" },
{ name = "rustls-webpki", version = "=0.101.7" },
{ name = "tokio-rustls", version = "=0.24.1" },
{ name = "webpki-roots", version = "=0.25.4" },
# wait for structopt-derive to update heck
{ name = "heck", version = "=0.3.3" },
# wait for librocksdb-sys to update bindgen to one that uses newer itertools
{ name = "itertools", version = "=0.12.1" },
{ name = "bindgen", version = "=0.69.5" },
# wait for halo2_gadgets and primitive-types to update uint
{ name = "uint", version = "=0.9.5" },
# wait for dirs-sys to update windows-sys
{ name = "windows-sys", version = "=0.48.0" },
# wait for zebra to update tower
{ name = "tower", version = "=0.4.13" },
{ name = "hashbrown", version = "=0.14.5" },
# wait for zebra to update vergen
{ name = "thiserror", version = "=1.0.69" },
{ name = "thiserror-impl", version = "=1.0.69" },
# Remove after release candicate period is over and the ECC crates are not patched anymore
{ name = "equihash", version = "=0.2.0" },
{ name = "f4jumble", version = "=0.1.0" },
{ name = "incrementalmerkletree", version = "=0.6.0" },
{ name = "zcash_address", version = "=0.4.0" },
{ name = "zcash_keys", version = "=0.3.0" },
{ name = "zcash_primitives", version = "=0.16.0" },
{ name = "zcash_protocol", version = "=0.2.0" }
]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = [
"https://github.com/zcash/librustzcash.git",
"https://github.com/zcash/incrementalmerkletree",
"https://github.com/zcash/orchard",
"https://github.com/zcash/sapling-crypto"
]
[sources.allow-org]
github = [
]
Reference in New Issue View Git Blame Copy Permalink