Merge branch 'ban-more-unwanted-crates'

mullvad · Dec 19, 2024 · e73ab2e · e73ab2e
2 parents d3f6d3c + 2a8442f
commit e73ab2e
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/deny.toml b/deny.toml
@@ -75,13 +75,22 @@ wildcards = "warn"
 highlight = "all"
 
 deny = [
-    # We are using Rustls for TLS. We don't want to accidentally pull in
-    # anything OpenSSL related
+    ## Alternative ecosystems that we don't want to accidentally pull in.
+    ## Having multiple large ecosystems solving the same problem can often be problematic,
+    ## and also expensive from a compile time/binary size/supply chain security perspective.
+
+    # We are using Rustls, so we want to avoid OpenSSL
     { name = "openssl-sys" },
     { name = "openssl-src" },
     { name = "openssl-probe" },
+    # We are using tokio, so we want to avoid async-std
+    { name = "async-std" },
+
+    ## Older versions of crates where we only want to use the newer variants
     { name = "clap", version = "2" },
     { name = "clap", version = "3" },
+    { name = "hyper", version = "0" },
+    { name = "tokio", version = "0" },
     { name = "time", version = "0.1"},
 ]