forked from containerd/rust-extensions
-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathCargo.toml
42 lines (36 loc) · 1.5 KB
/
Cargo.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
[package]
name = "containerd-client"
version = "0.2.0"
authors = ["Maksym Pavlenko <[email protected]>", "The containerd Authors"]
description = "GRPC bindings to containerd APIs"
keywords = ["containerd", "client", "grpc", "containers"]
categories = ["api-bindings", "asynchronous"]
edition.workspace = true
license.workspace = true
repository.workspace = true
homepage.workspace = true
[dependencies]
tonic = "0.8"
prost = "0.11"
prost-types = "0.11"
tokio = { version = "1.18", optional = true }
tower = { version = "0.4", optional = true }
# tonic v0.8.1 depends on axum-core v0.2.2, which has security vulnerability:
# = ID: RUSTSEC-2022-0055
# = Advisory: https://rustsec.org/advisories/RUSTSEC-2022-0055
# = `<bytes::Bytes as axum_core::extract::FromRequest>::from_request` would not, by
# default, set a limit for the size of the request body. That meant if a malicious
# peer would send a very large (or infinite) body your server might run out of
# memory and crash.
#
# This needs to be removed once newer version of tonic is released.
axum-core = ">=0.2.8"
[build-dependencies]
tonic-build = "0.8"
[features]
connect = ["tokio", "tower"]
# Technically Tonic doesn't require Tokio and Tower dependencies here.
# However we need them to implement `connect` helper and it's highly unlikely
# that Tonic will be used with any other async runtime (see https://github.com/hyperium/tonic/issues/152)
# So we enable `connect` feature by default (use `--no-default-features` otherwise).
default = ["connect"]