Set up cargo deny to deny new dependencies by default. Mark the two existing dependencies which should be made to go away. This is a bindings library to boringssl. it should really *not* need extra dependencies on external crates. Change-Id: Ia687510247154634e6d8b2be4c2f5840dabc1c89 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58107 Auto-Submit: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/rust/bssl-crypto/deny.toml b/rust/bssl-crypto/deny.toml index e521047..20fc0c8 100644 --- a/rust/bssl-crypto/deny.toml +++ b/rust/bssl-crypto/deny.toml
@@ -160,8 +160,19 @@ # * all - Both lowest-version and simplest-path are used highlight = "all" # List of crates that are allowed. Use with care! +# This is meant to control any external dependencies. This is effectively +# a minimalist binding library and we try to have none, so you are strongly +# encouraged not to add dependencies here. allow = [ - #{ name = "ansi_term", version = "=0.11.0" }, + # bssl-crypto should be allowed, version appropriately. + { name = "bssl-crypto", version = "=0.1.0" }, + # bssl-sys should be allowed, version appropriately. + { name = "bssl-sys", version = "=0.1.0" }, + # libc is used by bssl-sys from android, but is not really needed and should + # be removed once this can be checked with android. + { name = "libc", version = "=0.2.140" }, + # hex-literal was added for ease of tests, but should be removed. + { name = "hex-literal", version = "=0.3.4" }, ] # List of crates to deny deny = [