emdb 0.9.2

A lightweight, high-performance embedded database for Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

# cargo-deny configuration
#
# Run with `cargo deny check` (install via `cargo install cargo-deny`).
# Enforces license, banned crate, and duplicate-version policies on the
# whole dependency graph. CI gates merges on this passing.

[graph]
# Check the union of features so the encryption stack and bench peers
# are visible to the audit. Targets the current host triple plus the
# Tier-1 ones we ship to.
all-features = true
targets = [
    "x86_64-unknown-linux-gnu",
    "x86_64-apple-darwin",
    "aarch64-apple-darwin",
    "x86_64-pc-windows-msvc",
]

[output]
feature-depth = 1

# ---------------------------------------------------------------------
# Advisories — RustSec advisory database (vulnerabilities, yanked
# versions, unmaintained crates).
# ---------------------------------------------------------------------
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
yanked = "warn"
ignore = [
    # `fxhash` is unmaintained (RUSTSEC-2025-0057) but only enters
    # the dep graph through `sled` 0.34, which we pull in solely
    # behind the dev-only `bench-compare` feature. The advisory is
    # an unmaintained-status notice rather than an exploitable
    # vulnerability, and `sled` 0.34 is itself the transitive root
    # — there is no semver-compatible upgrade. Users building emdb
    # without `bench-compare` (i.e. every production build) do not
    # pull `fxhash` into their tree at all.
    "RUSTSEC-2025-0057",
    # `instant` is unmaintained (RUSTSEC-2024-0384) — same shape as
    # the entry above. It enters via `sled` -> `parking_lot` 0.11
    # -> `parking_lot_core` 0.8 -> `instant`. Dev-only path,
    # advisory is informational, no upgrade available without
    # bumping the entire `parking_lot` major (which `sled` 0.34
    # does not support).
    "RUSTSEC-2024-0384",
]

# ---------------------------------------------------------------------
# Licenses — only ship under licenses we can vendor in commercial
# products. Confidence threshold guards against ambiguous SPDX strings.
# ---------------------------------------------------------------------
[licenses]
confidence-threshold = 0.93
allow = [
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "CC0-1.0",
    "ISC",
    "MIT",
    "MIT-0",
    "MPL-2.0",
    "Unicode-3.0",
    "Unicode-DFS-2016",
    "Zlib",
]
exceptions = []

# ---------------------------------------------------------------------
# Bans — banned crates, wildcards, and duplicate versions.
# ---------------------------------------------------------------------
[bans]
multiple-versions = "warn"
wildcards = "deny"
highlight = "all"
allow = []
deny = []
skip = []
skip-tree = []

# ---------------------------------------------------------------------
# Sources — only allow crates from the official registry. Block
# arbitrary git or alternative-registry sources.
# ---------------------------------------------------------------------
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []