# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html. [graph] all-features = true exclude-dev = true no-default-features = true [advisories] ignore = [ { id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" }, { id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." }, { id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." }, { id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" }, { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." }, { id = "RUSTSEC-2023-0089", reason = "atomic-polyfill is pulled transitively via risc0-zkvm; waiting on upstream fix (see https://github.com/risc0/risc0/issues/3453)" }, ] yanked = "deny" unused-ignored-advisory = "deny" [bans] allow-wildcard-paths = false multiple-versions = "allow" [licenses] allow = [ "Apache-2.0 WITH LLVM-exception", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "BSL-1.0", "CC0-1.0", "CDLA-Permissive-2.0", "ISC", "MIT", "MPL-2.0", "Unicode-3.0", "Zlib", ] exceptions = [ # TEMP: Pending legal review. Pulled transitively via `risc0-zkvm` { name = "downloader", version = "0.2.8", allow = ["LGPL-3.0-or-later"] }, { name = "malachite", version = "0.4.22", allow = ["LGPL-3.0-only"] }, { name = "malachite-base", version = "0.4.22", allow = ["LGPL-3.0-only"] }, { name = "malachite-float", version = "0.4.22", allow = ["LGPL-3.0-only"] }, { name = "malachite-nz", version = "0.4.22", allow = ["LGPL-3.0-only"] }, { name = "malachite-q", version = "0.4.22", allow = ["LGPL-3.0-only"] }, { name = "managed", version = "0.8.0", allow = ["0BSD"] }, ] private = { ignore = false } unused-allowed-license = "deny" [sources] allow-git = [ "https://github.com/EspressoSystems/jellyfish.git", "https://github.com/logos-blockchain/logos-blockchain.git", ] unknown-git = "deny" unknown-registry = "deny" [sources.allow-org] github = ["logos-co"]