lohr/Cargo.toml
Antoine Martin 7e3c8b8f28 lohr: validate webhook signature
Previously lohr was unusable in a production setting, anyone could forge
a malicious webhook and either:

- mirror a private repo of yours to another remote they own
- wipe a repo of yours by forcing mirroring from an empty mirror

This is no longer the case!
2021-03-30 11:33:42 +02:00

24 lines
643 B
TOML

[package]
name = "lohr"
version = "0.2.1"
authors = ["Antoine Martin <antoine@alarsyo.net>"]
edition = "2018"
license = "Apache-2.0 OR MIT"
description = "A Git mirroring daemon"
homepage = "https://github.com/alarsyo/lohr"
repository = "https://github.com/alarsyo/lohr"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
anyhow = "1.0.40"
hex = "0.4.3"
hmac = "0.10.1"
log = "0.4.14"
rocket = "0.4.7"
rocket_contrib = { version = "0.4.7", features = [ "json" ] }
serde = { version = "1.0.125", features = [ "derive" ] }
serde_json = "1.0.64"
serde_yaml = "0.8.17"
sha2 = "0.9.3"