-
Notifications
You must be signed in to change notification settings - Fork 89
/
Cargo.toml
160 lines (149 loc) Β· 4.81 KB
/
Cargo.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
[package]
name = "cargo-deny"
description = "Cargo plugin to help you manage large dependency graphs"
repository = "https://github.com/EmbarkStudios/cargo-deny"
version = "0.16.3"
authors = [
"Embark <[email protected]>",
"Jake Shadle <[email protected]>",
]
edition = "2021"
license = "MIT OR Apache-2.0"
readme = "README.md"
documentation = "https://docs.rs/cargo-deny"
homepage = "https://github.com/EmbarkStudios/cargo-deny"
categories = ["development-tools::cargo-plugins"]
keywords = ["cargo", "license", "spdx", "ci", "advisories"]
exclude = ["docs/", "examples/", ".github/", "tests"]
rust-version = "1.81.0"
[badges]
maintenance = { status = "actively-developed" }
[[bin]]
name = "cargo-deny"
path = "src/cargo-deny/main.rs"
[features]
default = ["reqwest/rustls-tls-webpki-roots", "tame-index/default"]
# Enables the use of OS native certificate store.
native-certs = ["reqwest/rustls-tls-native-roots", "tame-index/native-certs"]
#default = ["vendored-openssl", "vendored-libgit2"]
# Allows the use of a vendored version openssl when compiling libgit, which allows
# us to compile static executables (eg musl) and avoid system dependencies
#vendored-openssl = ["cargo?/vendored-openssl", "git2/vendored-openssl"]
#vendored-libgit2 = ["cargo?/vendored-libgit2", "git2/vendored-libgit2"]
# Allows embedding cargo as a library so that we can run in minimal (eg container)
# environments that don't need to have cargo/rust installed on them for cargo-deny
# to still function
#standalone = ["cargo"]
[dependencies]
# Output coloring
nu-ansi-term = "0.50"
# Easy errors
anyhow = "1.0"
# Used for detecting the license type of a file
askalono = { version = "0.5", default-features = false }
# Used to track various things during check runs
bitvec = { version = "1.0", features = ["alloc"] }
# Much nicer paths
camino = "1.1"
cfg-expr = "0.17"
# Allows us to do eg cargo metadata operations without relying on an external cargo
#cargo = { version = "0.71", optional = true }
# Argument parsing, kept aligned with cargo
clap = { version = "4.5", features = ["derive", "env"] }
# Used for diagnostic reporting
codespan = { version = "0.11", features = ["serialization"] }
codespan-reporting = { version = "0.11", features = ["serialization"] }
# Brrrrr
crossbeam = "0.8"
# Logging utilities
fern = "0.7"
# Glob matching
globset = "0.4"
# Native executable detection
goblin = { version = "0.9", default-features = false, features = [
"elf32",
"elf64",
"mach32",
"mach64",
"pe32",
"pe64",
"te",
] }
# We need to figure out HOME/CARGO_HOME in some cases
home = "0.5"
# Provides graphs on top of cargo_metadata
krates = { version = "0.17", features = ["targets"] }
# Log macros
log = "0.4"
# Faster char searching
memchr = "2.7"
# Nicer sync primitives
parking_lot = "0.12"
# Moar brrrr
rayon = "1.4"
# HTTP client backing gix, we don't use it directly but need it here for configuration
# due to ...reasons
reqwest = { version = "0.12", default-features = false, features = ["http2"] }
# sha-256 hash calculation, already a dependency via rustls/etc
ring = "0.17"
# Used for interacting with advisory databases
rustsec = { version = "0.30", default-features = false }
# Parsing and checking of versions/version requirements
semver = "1.0"
# Gee what could it be
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
# Avoid some heap allocations when we likely won't need them
smallvec = "1.9"
# Used for parsing and checking SPDX license expressions
spdx = "0.10"
# Lazy
strum = { version = "0.26", features = ["derive"] }
# Index retrieval and querying
tame-index = { version = "0.16", default-features = false, features = [
"git",
"local",
"sparse",
] }
# Timestamp emission
time = { version = "0.3", default-features = false, features = [
"formatting",
"macros",
] }
# Deserialization of configuration files and crate manifests
toml-span = { version = "0.3", features = ["reporting"] }
# Small fast hash crate
twox-hash = { version = "2.0", default-features = false, features = ["xxhash32"] }
# Url parsing/manipulation
url = "2.5"
# Directory traversal
walkdir = "2.3"
# We clone/fetch advisory databases
[dependencies.gix]
version = "0.68"
default-features = false
features = [
"blocking-http-transport-reqwest",
"blocking-network-client",
"interrupt",
"worktree-mutation",
]
[dev-dependencies]
# Folder copying
fs_extra = "1.3"
# Snapshot testing
insta = { version = "1.41", features = ["json"] }
tame-index = { version = "0.16", features = ["local-builder"] }
time = { version = "0.3", features = ["serde"] }
toml-span = { version = "0.3", features = ["serde"] }
# We use this for creating fake crate directories for crawling license files on disk
tempfile = "3.14"
# divan = "0.1"
# [[bench]]
# name = "license_data"
# harness = false
[profile.dev.package.insta]
opt-level = 3
[profile.dev.package.similar]
opt-level = 3
[workspace]