[graph] all-features = true [licenses] # Allow the standard permissive and weak-copyleft open-source licenses used # across the dependency tree. Unicode-3.0 is required by the icu_* crates; # BSL-1.0 is used by Boost-derived crates pulled in by pgrx internals. version = 2 allow = [ "Apache-2.0", "MIT", "BSD-2-Clause", "BSD-3-Clause", "ISC", "Unlicense", "Zlib", "BSL-1.0", "Unicode-3.0", ] [advisories] version = 2 yanked = "warn" ignore = [ # paste is used internally by pgrx macros; we have no upstream control over # this dep. Not a vulnerability, only a maintenance status notice. "RUSTSEC-2024-0436", # rustls-pemfile v2 is pulled in by testcontainers/bollard (dev-only path). # Maintenance moved to rustls-pki-types; will be resolved when bollard updates. "RUSTSEC-2025-0134", # serde_cbor is pulled in transitively (dev path). Not a security vulnerability, # only unmaintained. Use of ciborium is the upstream recommendation but we # have no direct control over this dep. "RUSTSEC-2021-0127", ] [bans] multiple-versions = "warn" wildcards = "deny" highlight = "all" # These duplicate versions come from pgrx pulling one version and # testcontainers/bollard pulling another. We have no direct control over these # version skews; they are dev-only or cross-compilation stubs. skip = [ # thiserror: pgrx uses v1, our code and testcontainers use v2 { name = "thiserror", version = "=1.0.69" }, { name = "thiserror-impl", version = "=1.0.69" }, # getrandom: split between pgrx (0.3) and newer crates (0.4) { name = "getrandom", version = "=0.3.4" }, # hashbrown: multiple major versions pulled by indexmap and others { name = "hashbrown", version = "=0.15.5" }, # wasi: 0.11 from older crates, 0.14 from newer wasmtime-based stack { name = "wasi", version = "=0.11.1+wasi-snapshot-preview1" }, # windows-* crates: version skew between ring (0.52) and socket2/hyper-util # (0.53+) pulled by bollard/testcontainers { name = "windows-core", version = "=0.57.0" }, { name = "windows-implement", version = "=0.57.0" }, { name = "windows-interface", version = "=0.57.0" }, { name = "windows-result", version = "=0.1.2" }, { name = "windows-sys", version = "=0.60.2" }, { name = "windows-targets", version = "=0.52.6" }, { name = "windows_aarch64_gnullvm", version = "=0.52.6" }, { name = "windows_aarch64_msvc", version = "=0.52.6" }, { name = "windows_i686_gnu", version = "=0.52.6" }, { name = "windows_i686_gnullvm", version = "=0.52.6" }, { name = "windows_i686_msvc", version = "=0.52.6" }, { name = "windows_x86_64_gnu", version = "=0.52.6" }, { name = "windows_x86_64_gnullvm", version = "=0.52.6" }, { name = "windows_x86_64_msvc", version = "=0.52.6" }, ] [sources] unknown-registry = "deny" unknown-git = "deny" allow-registry = ["https://github.com/rust-lang/crates.io-index"]