# `cargo-deny` configuration.

[output]
feature-depth = 1

[graph]
# Check all features except for `exonum-crypto`, which is morally outdated.
# Since the crate isn't actually built for the check, we don't care about conflicting features.
features = ["ed25519-dalek", "ed25519-compact", "rsa", "p256", "k256", "es256k"]

[advisories]
db-urls = ["https://github.com/rustsec/advisory-db"]
yanked = "deny"
ignore = [
  # "Marvin" attack for the `rsa` crate; no fix is available ATM.
  # A warning is added to crate readme and crate docs as a stopgap measure.
  "RUSTSEC-2023-0071",
]

[licenses]
allow = [
  # Permissive open-source licenses
  "MIT",
  "Apache-2.0",
  "BSD-3-Clause",
  "Unicode-DFS-2016",
  # Creative Commons licenses (FSF-approved, not OSI-approved); used by `secp256k1-sys`
  "CC0-1.0",
]
confidence-threshold = 0.8

[bans]
multiple-versions = "deny"
wildcards = "deny"
allow-wildcard-paths = true
skip-tree = [
  # `cortex-m` crates (which are only used in the no-std test crate) have some outdated deps.
  { name = "cortex-m", version = "^0.7" },
  { name = "cortex-m-rt", version = "^0.7" },
]

[sources]
unknown-registry = "deny"
unknown-git = "deny"