# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html.

[graph]
all-features = true
exclude-dev = true
no-default-features = true

[advisories]
ignore = [
  { id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },
  { id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
  { id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
  { id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
  { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
]
yanked = "deny"
unused-ignored-advisory = "deny"

[bans]
allow-wildcard-paths = false
multiple-versions = "allow"

[licenses]
allow = [
  "Apache-2.0 WITH LLVM-exception",
  "Apache-2.0",
  "BSD-2-Clause",
  "BSD-3-Clause",
  "BSL-1.0",
  "CC0-1.0",
  "CDLA-Permissive-2.0",
  "ISC",
  "MIT",
  "MPL-2.0",
  "Unicode-3.0",
  "Zlib",
]
private = { ignore = false }
unused-allowed-license = "deny"

[sources]
allow-git = [
  "https://github.com/EspressoSystems/jellyfish.git",
  "https://github.com/logos-blockchain/logos-blockchain.git",
]
unknown-git = "deny"
unknown-registry = "deny"

[sources.allow-org]
github = ["logos-co"]