[advisories] version = 2 db-path = "~/.cargo/advisory-db" db-urls = ["https://github.com/rustsec/advisory-db"] yanked = "deny" ignore = [ "RUSTSEC-2022-0061", # https://github.com/serai-dex/serai/227 "RUSTSEC-2024-0370", # proc-macro-error is unmaintained "RUSTSEC-2024-0436", # paste is unmaintained ] [licenses] version = 2 allow = [ # Effective public domain "CC0-1.0", "Unlicense", # Attribution required "MIT", "MITNFA", "BSD-2-Clause", "BSD-3-Clause", "ISC", "Zlib", "Unicode-3.0", "CDLA-Permissive-2.0", # Non-invasive copyleft # "MPL-2.0", # Commented as it's not currently in-use within the Serai tree "Apache-2.0", "Apache-2.0 WITH LLVM-exception", "GPL-3.0-or-later WITH Classpath-exception-2.0", ] exceptions = [ { allow = ["AGPL-3.0-only"], name = "serai-env" }, { allow = ["AGPL-3.0-only"], name = "serai-task" }, { allow = ["AGPL-3.0-only"], name = "ethereum-schnorr-contract" }, { allow = ["AGPL-3.0-only"], name = "serai-ethereum-relayer" }, { allow = ["AGPL-3.0-only"], name = "serai-message-queue" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-messages" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-primitives" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-key-gen" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-frost-attempt-manager" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-scanner" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-scheduler-primitives" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-utxo-scheduler-primitives" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-utxo-scheduler" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-transaction-chaining-scheduler" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-smart-contract-scheduler" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-signers" }, { allow = ["AGPL-3.0-only"], name = "serai-bitcoin-processor" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-bin" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-ethereum-primitives" }, { allow = ["AGPL-3.0-only"], name = "serai-ethereum-test-primitives" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-ethereum-deployer" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-ethereum-router" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-ethereum-erc20" }, { allow = ["AGPL-3.0-only"], name = "serai-ethereum-processor" }, { allow = ["AGPL-3.0-only"], name = "serai-monero-processor" }, { allow = ["AGPL-3.0-only"], name = "tributary-sdk" }, { allow = ["AGPL-3.0-only"], name = "serai-cosign-types" }, { allow = ["AGPL-3.0-only"], name = "serai-cosign" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator-substrate" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator-tributary" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator-p2p" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator-libp2p-p2p" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator" }, { allow = ["AGPL-3.0-only"], name = "pallet-session" }, { allow = ["AGPL-3.0-only"], name = "serai-core-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-coins-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-dex-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-genesis-liquidity-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-emissions-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-economic-security-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-in-instructions-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-validator-sets-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-signals-pallet" }, { allow = ["AGPL-3.0-only"], name = "serai-runtime" }, { allow = ["AGPL-3.0-only"], name = "serai-node" }, { allow = ["AGPL-3.0-only"], name = "serai-orchestrator" }, { allow = ["AGPL-3.0-only"], name = "mini-serai" }, { allow = ["AGPL-3.0-only"], name = "serai-docker-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-message-queue-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-processor-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-coordinator-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-substrate-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-full-stack-tests" }, { allow = ["AGPL-3.0-only"], name = "serai-reproducible-runtime-tests" }, ] [[licenses.clarify]] name = "ring" version = "*" expression = "MIT AND ISC AND OpenSSL" license-files = [ { path = "LICENSE", hash = 0xbd0eed23 } ] [bans] multiple-versions = "warn" wildcards = "warn" highlight = "all" deny = [ # Contains a non-reproducible binary blob # https://github.com/serde-rs/serde/pull/2514 # https://github.com/serde-rs/serde/issues/2575 { name = "serde_derive", version = ">=1.0.172, <1.0.185" }, # Introduced an insecure implementation of `borsh` removed with `0.15.1` # https://github.com/rust-lang/hashbrown/issues/576 { name = "hashbrown", version = "=0.15.0" }, # Legacy which _no one_ should use anymore { name = "is-terminal", version = "*" }, # Stop introduction into the tree without realizing it { name = "once_cell_polyfill", version = "*" }, # Conflicts with our usage of mimalloc # https://github.com/serai-dex/serai/issues/690 { name = "tikv-jemalloc-sys", version = "*" }, ] [sources] unknown-registry = "deny" unknown-git = "deny" allow-registry = ["https://github.com/rust-lang/crates.io-index"] allow-git = [ "https://github.com/rust-lang-nursery/lazy-static.rs", "https://github.com/kayabaNerve/elliptic-curves", "https://github.com/monero-oxide/monero-oxide", "https://github.com/kayabaNerve/monero-oxide", "https://github.com/rust-rocksdb/rust-rocksdb", "https://github.com/serai-dex/patch-polkadot-sdk", ]