# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/

# This section is considered when running `cargo deny check advisories`
[advisories]
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
#
# An ignore is keyed on the advisory ID alone, so it silences that advisory
# for every path through the dependency graph, not only the path named in
# `reason`. It also only quiets this repository's check: users who opt into
# the affected backend still resolve the affected crate.
#
# Every entry must be:
#   (a) a transitive dep we can't directly control,
#   (b) scoped to dev-deps or a backend the user opts into, OR
#   (c) accompanied by a written resolution path (e.g. "waiting for
#       mongodb 3.x migration").
#
# When adding new entries, include the owning upstream crate, the affected
# version range, and the expected path to removal.
#
# NOTE(review): re-check each entry whenever the upstream it names (diesel,
# mysql_async, mongodb, cdrs-tokio, tiberius) is bumped, and delete the entry
# once the advisory no longer matches anything in the lockfile.
ignore = [
    # --- Unmaintained transitive deps ---
    # NOTE(review): confirm this ID against the RustSec database. The ID and
    # the reason must describe the same advisory; RUSTSEC-2023-0071 appears to
    # be the timing side-channel advisory filed against the `rsa` crate, not an
    # "unmaintained" notice for proc-macro-error — verify. If that is right,
    # the reason below does not justify the ignore, and the entry needs its own
    # assessment (which dependency pulls in `rsa`, and whether it is dev-only).
    { id = "RUSTSEC-2023-0071", reason = "proc-macro-error is unmaintained (via diesel dev-dep for ORM-comparison benchmarks); resolves when diesel drops it" },
    { id = "RUSTSEC-2025-0134", reason = "rustls-pemfile is unmaintained (via mysql_async); resolves when mysql_async upgrades" },
    { id = "RUSTSEC-2024-0388", reason = "derivative is unmaintained (via mongodb 2.8.x); resolves on mongodb 3.x migration" },
    # No removal path exists on our side for this one; it stays until
    # cdrs-tokio changes its hasher upstream.
    { id = "RUSTSEC-2025-0057", reason = "fxhash is unmaintained (via cdrs-tokio); no safe upgrade — cdrs-tokio would need to migrate to rustc-hash upstream" },

    # --- Vulnerable / unsound transitive deps scoped to backends ---
    # Diesel SQLite UTF-8 corruption: only affects Diesel's SQLite backend.
    # Prax uses rusqlite / sqlx for SQLite, not Diesel. Diesel is a dev-dep
    # solely for ORM-comparison benchmarks (benches/orm_comparison.rs) and
    # is never shipped to users.
    { id = "RUSTSEC-2026-0111", reason = "diesel SQLite UTF-8 unsoundness: dev-only (ORM benchmark comparison against Diesel); not in the runtime dep tree" },

    # idna 0.2.x Punycode bug: reached via trust-dns-proto 0.21 -> mongodb 2.8.
    # mongodb 3.x drops trust-dns for hickory-resolver which uses idna 1.x.
    # Unlike the Diesel entry, this path is in the runtime tree of the MongoDB
    # backend.
    { id = "RUSTSEC-2024-0421", reason = "idna 0.2.x (via trust-dns-proto via mongodb 2.8); resolves on mongodb 3.x migration" },

    # rustls-webpki 0.101 name-constraint / CRL panic advisories: reached via
    # rustls 0.21 -> mongodb 2.8 and tiberius 0.12 (MSSQL). Both upstreams
    # need to bump rustls past 0.23 to pick up rustls-webpki 0.103+.
    # NOTE(review): these sit in the TLS certificate-validation path of the
    # MongoDB and MSSQL backends, so they are runtime exposure for anyone who
    # enables those backends. Consider tracking the two upstream bumps in an
    # issue and mentioning the limitation in the backend docs.
    { id = "RUSTSEC-2026-0098", reason = "rustls-webpki 0.101 URI name-constraint issue (via rustls 0.21 via mongodb 2.8 + tiberius 0.12); resolves on mongodb 3.x + tiberius 0.13+" },
    { id = "RUSTSEC-2026-0099", reason = "rustls-webpki 0.101 wildcard name-constraint issue (via rustls 0.21 via mongodb 2.8 + tiberius 0.12); resolves on mongodb 3.x + tiberius 0.13+" },
    { id = "RUSTSEC-2026-0104", reason = "rustls-webpki 0.101 CRL parsing panic (via rustls 0.21 via mongodb 2.8 + tiberius 0.12); resolves on mongodb 3.x + tiberius 0.13+" },
]

# This section is considered when running `cargo deny check licenses`
[licenses]
# List of explicitly allowed licenses, as SPDX identifiers. Trailing comments
# record which dependency needs the less common entries.
# NOTE(review): MPL-2.0 is file-level copyleft, unlike the permissive entries
# around it; "commonly used" does not say which crate requires it. Name the
# crate so the entry can be dropped when that dependency goes away.
allow = [
    "MIT",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Zlib",
    "CC0-1.0",
    "Unicode-DFS-2016",
    "Unicode-3.0",
    "OpenSSL",           # ring crate
    "CDLA-Permissive-2.0",  # unicode data crates
    "MPL-2.0",           # commonly used
]
# The confidence threshold for detecting a license from license text.
# Range is 0.0 to 1.0; a higher value requires the text to match the
# canonical SPDX license text more closely.
confidence-threshold = 0.8

# Per-crate exceptions for transitive dependencies
# NOTE(review): every license granted below (ISC, MIT, OpenSSL) is already in
# the global `allow` list above, so these exceptions currently grant nothing
# extra. Either remove them, or move "OpenSSL" out of the global list so it is
# accepted for `ring` only.
exceptions = [
    { allow = ["ISC", "MIT", "OpenSSL"], crate = "ring" },
    { allow = ["ISC"], crate = "webpki" },
]

# This section is considered when running `cargo deny check bans`
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# Lint level for when a dependency is declared with a wildcard (`*`) version
# requirement. This key does not control yanked crates; yanked-version
# handling is configured with the `yanked` key under [advisories], which this
# file does not set.
# NOTE(review): "allow" lets a `*` requirement pass without any diagnostic, so
# whatever version resolves is accepted. Consider "warn" or "deny" unless a
# wildcard dependency is known to be needed.
wildcards = "allow"
# The graph highlighting used when creating dotgraphs for crates with multiple versions
highlight = "all"

# Deny specific crates
# The only entry is commented out, so no crate is currently banned.
deny = [
    # Use thiserror instead
    # { name = "failure" },
]

# Skip specific crate versions for duplicate detection
# Both lists are empty: every duplicate is reported at the
# `multiple-versions` level above.
skip = []
skip-tree = []

# This section is considered when running `cargo deny check sources`
[sources]
# Lint level for crates from unknown registries
# NOTE(review): at "warn" a crate resolved from a registry that is not in
# `allow-registry` is reported but the check still passes. Consider "deny" so
# an unexpected source fails CI instead of scrolling past in the log.
unknown-registry = "warn"
# Lint level for crates from unknown git repositories
# No `allow-git` list is set in this file, so any git dependency counts as
# unknown. The same NOTE(review) applies: "deny" turns an unexpected git
# source into a failing check.
unknown-git = "warn"
# List of allowed registries
# Only the crates.io index is trusted.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]