[package] name = "cargo-deny" description = "Cargo plugin to help you manage large dependency graphs" repository = "https://github.com/EmbarkStudios/cargo-deny" version = "0.16.3" authors = [ "Embark ", "Jake Shadle ", ] edition = "2021" license = "MIT OR Apache-2.0" readme = "README.md" documentation = "https://docs.rs/cargo-deny" homepage = "https://github.com/EmbarkStudios/cargo-deny" categories = ["development-tools::cargo-plugins"] keywords = ["cargo", "license", "spdx", "ci", "advisories"] exclude = ["docs/", "examples/", ".github/", "tests"] rust-version = "1.81.0" [badges] maintenance = { status = "actively-developed" } [[bin]] name = "cargo-deny" path = "src/cargo-deny/main.rs" [features] default = ["reqwest/rustls-tls-webpki-roots", "tame-index/default"] # Enables the use of OS native certificate store. native-certs = ["reqwest/rustls-tls-native-roots", "tame-index/native-certs"] #default = ["vendored-openssl", "vendored-libgit2"] # Allows the use of a vendored version openssl when compiling libgit, which allows # us to compile static executables (eg musl) and avoid system dependencies #vendored-openssl = ["cargo?/vendored-openssl", "git2/vendored-openssl"] #vendored-libgit2 = ["cargo?/vendored-libgit2", "git2/vendored-libgit2"] # Allows embedding cargo as a library so that we can run in minimal (eg container) # environments that don't need to have cargo/rust installed on them for cargo-deny # to still function #standalone = ["cargo"] [dependencies] # Output coloring nu-ansi-term = "0.50" # Easy errors anyhow = "1.0" # Used for detecting the license type of a file askalono = { version = "0.5", default-features = false } # Used to track various things during check runs bitvec = { version = "1.0", features = ["alloc"] } # Much nicer paths camino = "1.1" cfg-expr = "0.17" # Allows us to do eg cargo metadata operations without relying on an external cargo #cargo = { version = "0.71", optional = true } # Argument parsing, kept aligned with cargo clap = { version = "4.5", features = ["derive", "env"] } # Used for diagnostic reporting codespan = { version = "0.11", features = ["serialization"] } codespan-reporting = { version = "0.11", features = ["serialization"] } # Brrrrr crossbeam = "0.8" # Logging utilities fern = "0.7" # Glob matching globset = "0.4" # Native executable detection goblin = { version = "0.9", default-features = false, features = [ "elf32", "elf64", "mach32", "mach64", "pe32", "pe64", "te", ] } # We need to figure out HOME/CARGO_HOME in some cases home = "0.5" # Provides graphs on top of cargo_metadata krates = { version = "0.17", features = ["targets"] } # Log macros log = "0.4" # Faster char searching memchr = "2.7" # Nicer sync primitives parking_lot = "0.12" # Moar brrrr rayon = "1.4" # HTTP client backing gix, we don't use it directly but need it here for configuration # due to ...reasons reqwest = { version = "0.12", default-features = false, features = ["http2"] } # sha-256 hash calculation, already a dependency via rustls/etc ring = "0.17" # Used for interacting with advisory databases rustsec = { version = "0.30", default-features = false } # Parsing and checking of versions/version requirements semver = "1.0" # Gee what could it be serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" # Avoid some heap allocations when we likely won't need them smallvec = "1.9" # Used for parsing and checking SPDX license expressions spdx = "0.10" # Lazy strum = { version = "0.26", features = ["derive"] } # Index retrieval and querying tame-index = { version = "0.16", default-features = false, features = [ "git", "local", "sparse", ] } # Timestamp emission time = { version = "0.3", default-features = false, features = [ "formatting", "macros", ] } # Deserialization of configuration files and crate manifests toml-span = { version = "0.3", features = ["reporting"] } # Small fast hash crate twox-hash = { version = "2.0", default-features = false, features = ["xxhash32"] } # Url parsing/manipulation url = "2.5" # Directory traversal walkdir = "2.3" # We clone/fetch advisory databases [dependencies.gix] version = "0.68" default-features = false features = [ "blocking-http-transport-reqwest", "blocking-network-client", "interrupt", "worktree-mutation", ] [dev-dependencies] # Folder copying fs_extra = "1.3" # Snapshot testing insta = { version = "1.41", features = ["json"] } tame-index = { version = "0.16", features = ["local-builder"] } time = { version = "0.3", features = ["serde"] } toml-span = { version = "0.3", features = ["serde"] } # We use this for creating fake crate directories for crawling license files on disk tempfile = "3.14" # divan = "0.1" # [[bench]] # name = "license_data" # harness = false [profile.dev.package.insta] opt-level = 3 [profile.dev.package.similar] opt-level = 3