diff --git a/Cargo.lock b/Cargo.lock index 0d4f2320cc7d..5abcbd6331c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3307,7 +3307,7 @@ dependencies = [ "serde", "serde_json", "serde_regex", - "sha-1", + "sha1", "sha2", "uncased", "uuid", diff --git a/deny.toml b/deny.toml index 32450471c47e..77b18f8a96f7 100644 --- a/deny.toml +++ b/deny.toml @@ -1,15 +1,33 @@ [bans] multiple-versions = "deny" # Do not add exemptions for duplicate dependencies! Duplicate dependencies slow -# down compilation and bloat the binary. Submit PRs upstream to remove -# duplicated transitive dependencies. If necessary, use patch directives in the -# root Cargo.toml to point at a Materialize-maintained fork that avoids the +# down compilation, bloat the binary, and tickle race conditions in `cargo doc` +# (see rust-lang/cargo#3613). Submit PRs upstream to remove duplicated +# transitive dependencies. If necessary, use patch directives in the root +# Cargo.toml to point at a Materialize-maintained fork that avoids the # duplicated transitive dependencies. # Use `tracing` instead. [[bans.deny]] name = "env_logger" +# Use `md-5` instead, which is part of the RustCrypto ecosystem. +[[bans.deny]] +name = "md5" + +# Use `sha1` instead, which the RustCrytpo ecosystem recently took control of. +# `sha-1` is the older and now deprecated name. +[[bans.deny]] +name = "sha-1" +wrappers = [ + # https://github.com/hyperium/headers/pull/117 + "headers", + # https://github.com/blackbeam/rust_mysql_common/pull/71 + "mysql_common", + # https://github.com/snapview/tungstenite-rs/pull/299 + "tungstenite", +] + # Use `prost` or `protobuf-native` instead. [[bans.deny]] name = "protobuf" diff --git a/src/expr/Cargo.toml b/src/expr/Cargo.toml index 26bed058f154..cf8c260526b7 100644 --- a/src/expr/Cargo.toml +++ b/src/expr/Cargo.toml 
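Review bot: The three `wrappers` exemptions on the new `sha-1` ban in deny.toml have no stated removal condition, so `headers`, `mysql_common` and `tungstenite` can keep pulling the deprecated crate into the build long after the linked upstream PRs are released. I would add a comment above the list such as `# Temporary: drop each wrapper once its linked PR is released and the dependency is upgraded.` so the exemption list shrinks rather than becoming permanent. The comment above that ban also misspells the project name: `RustCrytpo` should read `RustCrypto`. Separately, the `md5` and `sha-1` comments say which crate name to use but not that both algorithms are collision-broken; a short `# Compatibility use only, not for new security-sensitive hashing.` would keep "Use `sha1` instead" from reading as an endorsement of the algorithm.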
@@ -42,7 +42,7 @@ regex-syntax = "0.6.27"
 serde = { version = "1.0.144", features = ["derive"] }
 serde_json = "1.0.82"
 serde_regex = "1.1.0"
-sha-1 = "0.10.0"
+sha1 = "0.10.0"
 sha2 = "0.10.2"
 uncased = "0.9.7"
 uuid = "1.1.2"