logos-execution-zone/.deny.toml

# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html.

[graph]
all-features = true
exclude-dev = true
no-default-features = true

[advisories]
ignore = [
  { id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },
  { id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
  { id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
  { id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
  { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
  { id = "RUSTSEC-2023-0089", reason = "atomic-polyfill is pulled transitively via risc0-zkvm; waiting on upstream fix (see https://github.com/risc0/risc0/issues/3453)" },
]
yanked = "deny"
unused-ignored-advisory = "deny"

[bans]
allow-wildcard-paths = false
multiple-versions = "allow"

[licenses]
allow = [
  "Apache-2.0 WITH LLVM-exception",
  "Apache-2.0",
  "BSD-2-Clause",
  "BSD-3-Clause",
  "BSL-1.0",
  "CC0-1.0",
  "CDLA-Permissive-2.0",
  "ISC",
  "MIT",
  "MPL-2.0",
  "Unicode-3.0",
  "Zlib",
]
exceptions = [
  # TEMP: Pending legal review. Pulled transitively via `risc0-zkvm`
  { name = "downloader", version = "0.2.8", allow = ["LGPL-3.0-or-later"] },
  { name = "malachite", version = "0.4.22", allow = ["LGPL-3.0-only"] },
  { name = "malachite-base", version = "0.4.22", allow = ["LGPL-3.0-only"] },
  { name = "malachite-float", version = "0.4.22", allow = ["LGPL-3.0-only"] },
  { name = "malachite-nz", version = "0.4.22", allow = ["LGPL-3.0-only"] },
  { name = "malachite-q", version = "0.4.22", allow = ["LGPL-3.0-only"] },
  { name = "managed", version = "0.8.0", allow = ["0BSD"] },
]
private = { ignore = false }
unused-allowed-license = "deny"

[sources]
allow-git = [
  "https://github.com/EspressoSystems/jellyfish.git",
  "https://github.com/logos-blockchain/logos-blockchain.git",
]
unknown-git = "deny"
unknown-registry = "deny"

[sources.allow-org]
github = ["logos-co"]
feat(license): MIT/Apache2 license and add `cargo deny` config 2026-01-31 23:13:36 +04:00			`# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html.`

			`[graph]`
refactor: split token program into crates 2026-01-16 04:11:33 +03:00			`all-features = true`
			`exclude-dev = true`
feat(license): MIT/Apache2 license and add `cargo deny` config 2026-01-31 23:13:36 +04:00			`no-default-features = true`

			`[advisories]`
			`ignore = [`
			`{ id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },`
			{ id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
			{ id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
			{ id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
			{ id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
add prove feature 2026-02-16 12:26:42 -03:00			`{ id = "RUSTSEC-2023-0089", reason = "atomic-polyfill is pulled transitively via risc0-zkvm; waiting on upstream fix (see https://github.com/risc0/risc0/issues/3453)" },`
feat(license): MIT/Apache2 license and add `cargo deny` config 2026-01-31 23:13:36 +04:00			`]`
			`yanked = "deny"`
			`unused-ignored-advisory = "deny"`

			`[bans]`
			`allow-wildcard-paths = false`
refactor: split token program into crates 2026-01-16 04:11:33 +03:00			`multiple-versions = "allow"`
feat(license): MIT/Apache2 license and add `cargo deny` config 2026-01-31 23:13:36 +04:00
			`[licenses]`
			`allow = [`
			`"Apache-2.0 WITH LLVM-exception",`
			`"Apache-2.0",`
			`"BSD-2-Clause",`
			`"BSD-3-Clause",`
			`"BSL-1.0",`
			`"CC0-1.0",`
			`"CDLA-Permissive-2.0",`
			`"ISC",`
			`"MIT",`
			`"MPL-2.0",`
			`"Unicode-3.0",`
			`"Zlib",`
			`]`
add prove feature 2026-02-16 12:26:42 -03:00			`exceptions = [`
			# TEMP: Pending legal review. Pulled transitively via `risc0-zkvm`
			`{ name = "downloader", version = "0.2.8", allow = ["LGPL-3.0-or-later"] },`
			`{ name = "malachite", version = "0.4.22", allow = ["LGPL-3.0-only"] },`
			`{ name = "malachite-base", version = "0.4.22", allow = ["LGPL-3.0-only"] },`
			`{ name = "malachite-float", version = "0.4.22", allow = ["LGPL-3.0-only"] },`
			`{ name = "malachite-nz", version = "0.4.22", allow = ["LGPL-3.0-only"] },`
			`{ name = "malachite-q", version = "0.4.22", allow = ["LGPL-3.0-only"] },`
			`{ name = "managed", version = "0.8.0", allow = ["0BSD"] },`
			`]`
feat(license): MIT/Apache2 license and add `cargo deny` config 2026-01-31 23:13:36 +04:00			`private = { ignore = false }`
			`unused-allowed-license = "deny"`

			`[sources]`
			`allow-git = [`
			`"https://github.com/EspressoSystems/jellyfish.git",`
			`"https://github.com/logos-blockchain/logos-blockchain.git",`
			`]`
			`unknown-git = "deny"`
			`unknown-registry = "deny"`

			`[sources.allow-org]`
			`github = ["logos-co"]`