Set up cargo deny to deny new dependencies by default.
Mark the two existing dependencies which should be made to go away.
This is a bindings library to boringssl. it should really *not*
need extra dependencies on external crates.
Change-Id: Ia687510247154634e6d8b2be4c2f5840dabc1c89
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58107
Auto-Submit: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/rust/bssl-crypto/deny.toml b/rust/bssl-crypto/deny.toml
index e521047..20fc0c8 100644
--- a/rust/bssl-crypto/deny.toml
+++ b/rust/bssl-crypto/deny.toml
@@ -160,8 +160,19 @@
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
+# This is meant to control any external dependencies. This is effectively
+# a minimalist binding library and we try to have none, so you are strongly
+# encouraged not to add dependencies here.
allow = [
- #{ name = "ansi_term", version = "=0.11.0" },
+ # bssl-crypto should be allowed, version appropriately.
+ { name = "bssl-crypto", version = "=0.1.0" },
+ # bssl-sys should be allowed, version appropriately.
+ { name = "bssl-sys", version = "=0.1.0" },
+ # libc is used by bssl-sys from android, but is not really needed and should
+ # be removed once this can be checked with android.
+ { name = "libc", version = "=0.2.140" },
+ # hex-literal was added for ease of tests, but should be removed.
+ { name = "hex-literal", version = "=0.3.4" },
]
# List of crates to deny
deny = [