magellan 4.13.1

Deterministic codebase mapping tool for local development
Documentation
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/checks/cfg.html

[graph]
targets = [
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "x86_64-pc-windows-msvc" },
]

[advisories]
version = 2

# === MONITORED — upstream unmaintained, no CVE, no upgrade path ===
# RUSTSEC-2020-0021: rio 0.9.4 use-after-free advisory via sqlitegraph.
#   No fixed rio release is available; Magellan does not expose async future
#   leakage surfaces from rio directly and tracks this as an upstream block.
# RUSTSEC-2025-0141: bincode 1.3.3 unmaintained — crate abandoned, no replacement
# RUSTSEC-2025-0119: number_prefix 0.4.0 unmaintained — needs indicatif to switch
# RUSTSEC-2026-0190: thiserror 1.0.69 Error::downcast_mut unsoundness — magellan
#   does not call downcast_mut on context-wrapped errors (only static derives),
#   so the unsound path is unreachable. Bump to >=1.0.103 pending cargo index
#   sync (local sparse index lacks the 1.0.103 entry as of 2026-07-03).
# RUSTSEC-2026-0186: memmap2 unchecked pointer offset via sqlitegraph. Magellan
#   does not perform user-controlled mmap arithmetic and tracks the upstream
#   dependency for a fixed release.
ignore = [
    "RUSTSEC-2020-0021",
    "RUSTSEC-2025-0141",
    "RUSTSEC-2025-0119",
    "RUSTSEC-2026-0190",
    "RUSTSEC-2026-0186",
]

[licenses]
version = 2
allow = [
    "Apache-2.0",
    "MIT",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-3.0",
    "CC0-1.0",
    "GPL-3.0-only",
    "GPL-3.0",
    "Zlib",
    "BSL-1.0",
    "Apache-2.0 WITH LLVM-exception",
    "CDLA-Permissive-2.0",
]


[bans]
multiple-versions = "warn"
wildcards = "warn"
highlight = "all"

[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-git = []